CRUX
Threads by month
- ----- 2024 -----
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
October 2023
- 2 participants
- 11 discussions
Dear fellow Crux-users,
Recently there was some discussion in the IRC channel about how to make crux more `alive' and
`attractive'.
Being a relative new user I would like to share my thoughts.
First of all, Crux has a lot of good things to offer: It's simplicity and script based
orientation are unique. The package management through ports is simple but effective.
Also there is some good documentation (but may be improved).
And (last but not least) there's a friendly and helpful community.
When I started out with Crux it took a while before I had everything up and running.
Although I had used Arch for some while, went through the LFS-book twice, there was still
a lot of ground to make up before I had my laptop configured the same way when using Arch.
I had to hone several skills: building my own kernel, creating some udev rules, setting up
networking using wpa_supplicant only (I know nm is at hand) and so on.
Although the somewhat steep learning curve belongs to the way Crux works, there can be
some minor improvements made which may help newcomers finding their way around more easily.
First of, maybe Crux can become a rolling distro, with a new iso every month / 2 months.
In practice it already seems to be. There are unofficial updated iso's and once you got
everything installed everything can be kept up-to-date.
As a new user I used the official iso (which is good practice I think), but after building
the kernel, running a sysup was a bit of a showstopper. Almost all of the packages needed
to be updated. When using the more recent unofficial iso, this is obvious not the case.
Secondly, there is a lot of good documentation -especially on the Crux specific parts- but
having two sources (Handbook and wiki) is somewhat confusing sometimes.
Maybe merge the handbook into the wiki with an entry for installing Crux (like the installation
guide on the Arch wiki)?
The guide will walk the new user through a basic installation with links to several
options (e.q. encrypting harddrive, using different bootloaders).
At the end of the guide there can be some links to other entry (how to install packages,
e.d.).
It would be helpful if there is a basic `how to compile your own kernel'-tutorial.
Something along the lines of `make defconfig', enabling audio and video support, untick
some of the wlan firmware drivers, etc. Copying the bzImage and System.map and updating the
boatloader.
Lastly a guide on creating and maintaining your own repo (which is part of the charm of using
Crux I think), would be very helpful.
Beerman / Tim's guide would be a great starting point IMHO.
https://gist.github.com/TimB87/6cf010c0c10d67faf98ae03e62ffb029
As for the documentation, for the most part it's a matter of reorganizing.
Maybe a `further reading' section can be added at the end of an entry, with links to useful
sources like the Arch wiki / offical kernel documentation and so on.
The goal here is to keep it simple (of course ;-))
I'll be happy to help out with (re)writing some parts.
What do you think?
Would this be helpful?
Or are there other / better options?
Kind regards,
Hans
9
13
ports/contrib (3.7): [notify] docker: updated to version 24.0.7, security fixes
by crux@crux.nu 30 Oct '23
by crux@crux.nu 30 Oct '23
30 Oct '23
commit 1671f5826c3396257d49c4710cc53d9d4f65db3e
Author: Matt Housh <jaeger(a)crux.ninja>
Date: Mon Oct 30 10:43:19 2023 -0500
[notify] docker: updated to version 24.0.7, security fixes
Hardens against CVE-2020-8694, CVE-2020-8695, CVE-2020-12912, and
the "PLATYPUS attack". See the following for details:
https://github.com/moby/moby/releases/tag/v24.0.7
https://scout.docker.com/vulnerabilities/id/CVE-2020-8694
https://scout.docker.com/vulnerabilities/id/CVE-2020-8695
https://scout.docker.com/vulnerabilities/id/CVE-2020-12912
https://platypusattack.com/
diff --git a/docker/.signature b/docker/.signature
index 0dc3bf3c0..e755879ca 100644
--- a/docker/.signature
+++ b/docker/.signature
@@ -1,9 +1,9 @@
untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF32wq9stahdjwQQKC+PrjU/JQ2/0yaTs7Kqy981yPP3yu/kIMDaHmeP/2aXz68FSqdND0GQPPy/5w2vLKyEp0dgc=
-SHA256 (Pkgfile) = ee8189ce0a66ff07c793951a09d55a97fc04c4234cafc53d34d2980b62fe3ad9
+RWSagIOpLGJF32DXOAeBtEsQEPaasrhSu0iDmoMmf0NtTk+szvueR0syKAa+HeEA+j4bNc9x4wXA7XL+h+6XWXc4KVMALiodlgU=
+SHA256 (Pkgfile) = ca376ecbb8c0e4ffd49b4d0ef1fc1df191b49b9a7d66fe8c222a91bdbfd8f45d
SHA256 (.footprint) = c8111b37e6914ff4ea18f27c1de11be08ffb19d45367e352e8dc2e80036a657e
-SHA256 (moby-24.0.6.tar.gz) = 29a8ee54e9ea008b40eebca42dec8b67ab257eb8ac175f67e79c110e4187d7d2
-SHA256 (cli-24.0.6.tar.gz) = c1a4a580ced3633e489c5c9869a20198415da44df7023fdc200d425cdf5fa652
-SHA256 (docker-man-pages-24.0.6.tar.xz) = 9822014e2eb59c2433ce87d2571a2d270979dc9a53d542c003085a73e37b97ae
+SHA256 (moby-24.0.7.tar.gz) = 16a2cb4cf4d314a070085e0df06e3a6bd9ec678d28715b64060af694fc9051d5
+SHA256 (cli-24.0.7.tar.gz) = 72a54d131c28938221c81bd08364459fed9c71c093d4d615d324aaf31de6db1d
+SHA256 (docker-man-pages-24.0.7.tar.xz) = 2f3f1b55bfd15d2988928efe30f1289a7453c07deafa7bac908c86d0fa4be1db
SHA256 (docker.rc) = 258ff4d10d199b2b847df07d22eac04bb8bd749a10af29d67111e53a8b81a46c
SHA256 (docker.conf) = dd5ccd90bd1e8906d8ecf76dca062f8b4c837daeed765be155513dc34c2ee245
diff --git a/docker/Pkgfile b/docker/Pkgfile
index ceef34afa..dd7b983b4 100644
--- a/docker/Pkgfile
+++ b/docker/Pkgfile
@@ -4,17 +4,17 @@
# Depends on: containerd runc btrfs-progs cgroupfs-mount
name=docker
-version=24.0.6
+version=24.0.7
release=1
source=(https://github.com/moby/moby/archive/v${version}/moby-${version}.ta… \
https://github.com/docker/cli/archive/v${version}/cli-${version}.tar.gz \
- http://jaeger.morpheus.net/linux/crux/files/$name-man-pages-$version.tar.xz \
+ http://crux.nu/files/$name-man-pages-$version.tar.xz \
$name.rc $name.conf)
build() {
export GO111MODULE=auto
export GOPATH=$SRC
- export DOCKER_GITCOMMIT=1a79695
+ export DOCKER_GITCOMMIT=311b9ff
export DOCKER_BUILDTAGS='seccomp'
export DISABLE_WARN_OUTSIDE_CONTAINER=1
export CGO_CFLAGS="${CFLAGS}"
1
0
ports/contrib (3.7): [notify]: open-vm-tools: updated to version 12.3.5-22544099, security fixes
by crux@crux.nu 29 Oct '23
by crux@crux.nu 29 Oct '23
29 Oct '23
commit 19f92213584c2b6a2464406f9488f49e6cb53288
Author: Matt Housh <jaeger(a)crux.ninja>
Date: Sun Oct 29 14:58:24 2023 -0500
[notify]: open-vm-tools: updated to version 12.3.5-22544099, security fixes
Fixes CVE-2023-34058 and CVE-2023-34059, see the following for details:
https://github.com/advisories/GHSA-h5hf-5wcj-6hmf
https://www.vmware.com/security/advisories/VMSA-2023-0024.html
https://github.com/advisories/GHSA-q6p8-m5f4-4vmp
diff --git a/open-vm-tools/.signature b/open-vm-tools/.signature
index f01285386..92344f892 100644
--- a/open-vm-tools/.signature
+++ b/open-vm-tools/.signature
@@ -1,6 +1,6 @@
untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF37kj4bxM7Q5gCL8UFP0rei9OlcbG5Fr9NTdO6vZz4jiO66T1K5n0g268uRult1ghUAUMfq4qbkFzLoH/WvIvrQo=
-SHA256 (Pkgfile) = 7d6150bbb5e379914e5231e01011d02fde42d77bafb140b10ff4430d90f611eb
+RWSagIOpLGJF3zEqy1+GrRubtJ2O0eF7Ei549t3mP8XTBTMDGxLzXiGVSCI2MAdh6OpyZzja9AivXS+4NvdBV35i9fGf4m/rtws=
+SHA256 (Pkgfile) = 8c0b18422ea97d098f6fac012ebbde95a4431be7f957ff84193019fa952bf611
SHA256 (.footprint) = bd0d25babec80af6e0fab471b12179465459559dc665deb5cce5c95dd0af1d37
-SHA256 (open-vm-tools-12.3.0-22234872.tar.gz) = 0f9c9ddebdded365bc4f0a03cad8b8b7ff9f32651fe04fb390eab7d898c77a8f
+SHA256 (open-vm-tools-12.3.5-22544099.tar.gz) = 6003eb5643098a43ff116497891a9875d208841667d15894eeceec28b4f1c3cf
SHA256 (vmtoolsd) = a443b32dd7b0505db463ed20ff10c0ea3aefc41f003feb704921afa4c72325d8
diff --git a/open-vm-tools/Pkgfile b/open-vm-tools/Pkgfile
index 59b36dda7..e72593f7d 100644
--- a/open-vm-tools/Pkgfile
+++ b/open-vm-tools/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: libmspack glib rpcsvc-proto fuse
name=open-vm-tools
-version=12.3.0-22234872
+version=12.3.5-22544099
release=1
source=(https://github.com/vmware/$name/releases/download/stable-${version%… \
vmtoolsd)
1
0
25 Oct '23
commit df82dd947d315b90d631ba848ba8bd6efad2c7ff
Author: Juergen Daubert <jue(a)jue.li>
Date: Wed Oct 25 10:40:37 2023 +0200
[notify] xorg-server: security update to 21.1.9
https://lists.x.org/archives/xorg-announce/2023-October/003430.html
diff --git a/xorg-server/.signature b/xorg-server/.signature
index df05807e..b0cd5bd2 100644
--- a/xorg-server/.signature
+++ b/xorg-server/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndPkQbX3cDcK1MdZg/IRgV9V93dieBRhH/TR01jyYBOAFe+5UDURdhG4EaGbmHOdomib4o/I+7KoJWV68dlHo5Ak=
-SHA256 (Pkgfile) = 4a7f0288ddfaea4f6c44f60e1362962b576a3dd200c44e4f55c5193f061bd0d0
+RWTSGWF5Q7TndI6pjt3WcznAsa+kH6dws5mKSIF9AsaoGKdg10XwoDtcTcBfmIfirBsUUjY83ddorOJLg5egyfuWXXeDNfTavwc=
+SHA256 (Pkgfile) = 4f3b7171ef7719220a7c3383c613bc69ed347824b9fd6b1f99bb076f0a2d9c41
SHA256 (.footprint) = dc68ebbbcdee4d11d5cadac3f5a585be9acead28db713408e60222dd01d8c8c7
-SHA256 (xorg-server-21.1.8.tar.xz) = 38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152
+SHA256 (xorg-server-21.1.9.tar.xz) = ff697be2011b4c4966b7806929e51b7a08e9d33800d505305d26d9ccde4b533a
diff --git a/xorg-server/Pkgfile b/xorg-server/Pkgfile
index 70c93dd7..00f63243 100644
--- a/xorg-server/Pkgfile
+++ b/xorg-server/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: libepoxy nettle xorg-bdftopcf xorg-font-util xorg-libxaw xorg-libxcomposite xorg-libxcursor xorg-libxcvt xorg-libxfont2 xorg-libxft xorg-libxinerama xorg-libxres xorg-libxtst xorg-mkfontscale xorg-xcb-util-keysyms xorg-xkbcomp
name=xorg-server
-version=21.1.8
+version=21.1.9
release=1
source=(https://www.x.org/releases/individual/xserver/$name-$version.tar.xz)
1
0
Hey,
after once again banging my head 'against, me thinks i really
would like to have a
#!/bin/sh -
. ./Pkgfile
exec curl -L -o glibc-${version}.patch \
'https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;hp=refs/tags/gli…'
update.sh, and then only a glibc-${version}.patch in glibc's
Pkgfile $source. Wouldn't that be nice.
You really find nothing in that big bad downtown railway station's
boys toilet wall that the internet is. (Acceptably fast.)
Just my one cent.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
1
0
ports/opt (3.7): [notify] samba: update to 4.19.1, security fixes, see https://www.samba.org/samba/history/samba-4.19.1.html
by crux@crux.nu 10 Oct '23
by crux@crux.nu 10 Oct '23
10 Oct '23
commit e93c419f2473bd70b9aa3a73ff228aa5a891e49d
Author: Juergen Daubert <jue(a)jue.li>
Date: Tue Oct 10 18:16:26 2023 +0200
[notify] samba: update to 4.19.1, security fixes, see https://www.samba.org/samba/history/samba-4.19.1.html
diff --git a/samba/.footprint b/samba/.footprint
index 08679dd5c..e41f01c8b 100644
--- a/samba/.footprint
+++ b/samba/.footprint
@@ -851,7 +851,6 @@ drwxr-xr-x root/root usr/lib/samba/nss_info/
-rwxr-xr-x root/root usr/lib/samba/rpcd_fsrvp
-rwxr-xr-x root/root usr/lib/samba/rpcd_lsad
-rwxr-xr-x root/root usr/lib/samba/rpcd_mdssvc
--rwxr-xr-x root/root usr/lib/samba/rpcd_rpcecho
-rwxr-xr-x root/root usr/lib/samba/rpcd_spoolss
-rwxr-xr-x root/root usr/lib/samba/rpcd_winreg
-rwxr-xr-x root/root usr/lib/samba/samba-bgqd
diff --git a/samba/.signature b/samba/.signature
index e275fd2be..caf3e5139 100644
--- a/samba/.signature
+++ b/samba/.signature
@@ -1,7 +1,7 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/dBHleXsYfXPOGKGxEKS4cd4xhz1FexwBor4t8XdWglHTxSIGUPVqcTQ9N4TiDeHtrmxtLqf6xCiLToUoXRd4gg=
-SHA256 (Pkgfile) = 2ca3ed982b10ac3a629c64f214c236e01378f21ce7b40ff6ede17a7690e25907
-SHA256 (.footprint) = 32c9de6789bf540a3ea4e88b6d93b83905dc960e66d415498559ad3cb6c3af7f
-SHA256 (samba-4.19.0.tar.gz) = 28f98ceab75a6a59432912fa110fc8c716abcab1ed6d8bdd4393d178acff3d20
+RWSE3ohX2g5d/Ys8vmsirfBZx3OQq+H73n/lRXqtGLKB84Z1W18UojY33PwsgtdGl20EcDSQ/3Fj8i5CU7RdVZKta4kDJKMyAgQ=
+SHA256 (Pkgfile) = 75f4d790ba46361882b20d7a04b282aecaf67c3dc45330b1bf12d3e7b3eb9387
+SHA256 (.footprint) = 354a40a9a06b67b4389752dc892625faf7b24e79010c5226cb448167982dca45
+SHA256 (samba-4.19.1.tar.gz) = ce3b7f0d18bf91aa5fd646e8bb385a3b35375b703c6e5123b02b85a1abc81879
SHA256 (samba.rc) = 0ab5a29dd85d5107cea902c21dd8426d20c3bcb2ce28a5add10d572bb88adc63
SHA256 (samba.pam) = c872a9efb2f7151e51e10fada4a75d69f5f5bd5afb1db29b64e8288c7cdc8b20
diff --git a/samba/Pkgfile b/samba/Pkgfile
index 311f0d46a..c7f42d21e 100644
--- a/samba/Pkgfile
+++ b/samba/Pkgfile
@@ -5,7 +5,7 @@
# Optional: brotli cups libidn2
name=samba
-version=4.19.0
+version=4.19.1
release=1
source=(https://www.samba.org/samba/ftp/stable/$name-$version.tar.gz \
samba.rc samba.pam)
1
0
ports/core (3.7): [notify] glibc: fixes for CVE-2023-4527, CVE-2023-4806, CVE-2023-5156 and CVE-2023-4911
by crux@crux.nu 04 Oct '23
by crux@crux.nu 04 Oct '23
04 Oct '23
commit bcd53756d34181aa373fe9b016bce55064207473
Author: Tim Biermann <tbier(a)posteo.de>
Date: Wed Oct 4 14:26:44 2023 +0200
[notify] glibc: fixes for CVE-2023-4527, CVE-2023-4806, CVE-2023-5156 and CVE-2023-4911
diff --git a/glibc/.signature b/glibc/.signature
index c2b7d905..0af7bcbe 100644
--- a/glibc/.signature
+++ b/glibc/.signature
@@ -1,10 +1,10 @@
untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqogJDPcqs21HTSqzFyxgEKBXxqHz0teCvdjM+yu+rh7KtQ/Moyz16f1LBb0veaDBl1Yg13EQAFKiCM/klFaOygs=
-SHA256 (Pkgfile) = 3fb99e9e1553590e8a8136c648823c0b84add195862ee591dd86bb22ea6ddee0
+RWRJc1FUaeVeqpoW2OjCDQ3pK1hhqCCUSYuX9ciV1KAwTYdVuCv2RJf3OhZnimlfsBVUR/o0d8Asuyu4xcDxPYBt7fy7gMe/BAI=
+SHA256 (Pkgfile) = a7ea5f73724ac39fc56dda2879c73fd72c04e378b5694035d5ca8feea914ac92
SHA256 (.footprint) = 9eff4b9e8478995dd0aceacfe9301a250827c8b27cb1d4605c696ac55eec873c
SHA256 (glibc-2.36.tar.xz) = 1c959fea240906226062cb4b1e7ebce71a9f0e3c0836c09e7e3423d434fcfe75
SHA256 (linux-5.15.55.tar.xz) = 1ef6bd508b6c3af3bef2d5b337e4477254dba284c79e329aa38f9763ae3bfdcc
-SHA256 (glibc-2.36-6.patch) = 571cc9d6ba0b1e81a00fae152347a29c2879a4970dad7d30a841690908788a01
+SHA256 (glibc-2.36-7.patch) = c167ddd1eb9e63fade7e60a2dc612a18e0900519d8c0ec1e0cf06fa92fca638a
SHA256 (hosts) = 5c02b256c105f1d4a12fb738d71c1bab9eb126533074d7a0c8a14b92670c9431
SHA256 (resolv.conf) = 72ccb58768a72a771ec37142bc361a18478a07ec9de6e925a20760794389bf51
SHA256 (nsswitch.conf) = 859b8984e5e90aff3cce8f9779996ae4033b280d2122840e9411e2f44a1c2e61
diff --git a/glibc/Pkgfile b/glibc/Pkgfile
index e3aea73d..c2e731d7 100644
--- a/glibc/Pkgfile
+++ b/glibc/Pkgfile
@@ -4,12 +4,12 @@
name=glibc
version=2.36
-release=6
+release=7
_kernel_version=5.15.55
source=(https://ftp.gnu.org/gnu/glibc/glibc-$version.tar.xz
https://www.kernel.org/pub/linux/kernel/v5.x/linux-$_kernel_version.tar.xz
- glibc-$version-6.patch
+ glibc-$version-7.patch
hosts resolv.conf nsswitch.conf host.conf ld.so.conf
locale-gen locale.gen.in)
@@ -19,7 +19,7 @@ build() {
make -C $SRC/linux-$_kernel_version INSTALL_HDR_PATH=$PKG/usr headers_install
chown root:root $PKG/usr
- patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/$name-$version-6.patch
+ patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/$name-$version-7.patch
mkdir $SRC/build
cd $SRC/build
diff --git a/glibc/glibc-2.36-6.patch b/glibc/glibc-2.36-7.patch
similarity index 85%
rename from glibc/glibc-2.36-6.patch
rename to glibc/glibc-2.36-7.patch
index bbb133c8..ad5972b3 100644
--- a/glibc/glibc-2.36-6.patch
+++ b/glibc/glibc-2.36-7.patch
@@ -66,10 +66,10 @@ index d1e139d03c..09c0cf8357 100644
else # -s
verbose :=
diff --git a/NEWS b/NEWS
-index f61e521fc8..82e868d73b 100644
+index f61e521fc8..5358e0cbe3 100644
--- a/NEWS
+++ b/NEWS
-@@ -5,6 +5,66 @@ See the end for copying conditions.
+@@ -5,6 +5,90 @@ See the end for copying conditions.
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
@@ -89,6 +89,26 @@ index f61e521fc8..82e868d73b 100644
+ heap and prints it to the target log file, potentially revealing a
+ portion of the contents of the heap.
+
++ CVE-2023-4527: If the system is configured in no-aaaa mode via
++ /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address
++ family, and a DNS response is received over TCP that is larger than
++ 2048 bytes, getaddrinfo may potentially disclose stack contents via
++ the returned address data, or crash.
++
++ CVE-2023-4806: When an NSS plugin only implements the
++ _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use
++ memory that was freed during buffer resizing, potentially causing a
++ crash or read or write to arbitrary memory.
++
++ CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when
++ an application calls getaddrinfo for AF_INET6 with AI_CANONNAME,
++ AI_ALL and AI_V4MAPPED flags set.
++
++ CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the
++ environment of a setuid program and NAME is valid, it may result in a
++ buffer overflow, which could be exploited to achieve escalated
++ privileges. This flaw was introduced in glibc 2.34.
++
+The following bugs are resolved with this release:
+
+ [12154] Do not fail DNS resolution for CNAMEs which are not host names
@@ -132,6 +152,10 @@ index f61e521fc8..82e868d73b 100644
+ [30305] x86_64: Fix asm constraints in feraiseexcept
+ [30477] libc: [RISCV]: time64 does not work on riscv32
+ [30515] _dl_find_object incorrectly returns 1 during early startup
++ [30785] Always call destructors in reverse constructor order
++ [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with
++ -D_FILE_OFFSET_BITS=64
++ [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
+
Version 2.36
@@ -282,10 +306,18 @@ index 2696dde4b1..9b07b4e132 100644
void *
diff --git a/elf/Makefile b/elf/Makefile
-index fd77d0c7c8..48788fcdb8 100644
+index fd77d0c7c8..30c9af1de9 100644
--- a/elf/Makefile
+++ b/elf/Makefile
-@@ -374,6 +374,8 @@ tests += \
+@@ -53,6 +53,7 @@ routines = \
+ # profiled libraries.
+ dl-routines = \
+ dl-call-libc-early-init \
++ dl-call_fini \
+ dl-close \
+ dl-debug \
+ dl-debug-symbols \
+@@ -374,6 +375,8 @@ tests += \
tst-align \
tst-align2 \
tst-align3 \
@@ -294,7 +326,7 @@ index fd77d0c7c8..48788fcdb8 100644
tst-audit1 \
tst-audit2 \
tst-audit8 \
-@@ -408,6 +410,7 @@ tests += \
+@@ -408,6 +411,7 @@ tests += \
tst-dlmopen4 \
tst-dlmopen-dlerror \
tst-dlmopen-gethostbyname \
@@ -302,7 +334,7 @@ index fd77d0c7c8..48788fcdb8 100644
tst-dlopenfail \
tst-dlopenfail-2 \
tst-dlopenrpath \
-@@ -631,6 +634,7 @@ ifeq ($(run-built-tests),yes)
+@@ -631,6 +635,7 @@ ifeq ($(run-built-tests),yes)
tests-special += \
$(objpfx)noload-mem.out \
$(objpfx)tst-ldconfig-X.out \
@@ -310,7 +342,7 @@ index fd77d0c7c8..48788fcdb8 100644
$(objpfx)tst-leaks1-mem.out \
$(objpfx)tst-rtld-help.out \
# tests-special
-@@ -765,6 +769,8 @@ modules-names += \
+@@ -765,6 +770,8 @@ modules-names += \
tst-alignmod3 \
tst-array2dep \
tst-array5dep \
@@ -319,7 +351,7 @@ index fd77d0c7c8..48788fcdb8 100644
tst-audit11mod1 \
tst-audit11mod2 \
tst-audit12mod1 \
-@@ -798,6 +804,7 @@ modules-names += \
+@@ -798,6 +805,7 @@ modules-names += \
tst-auditmanymod7 \
tst-auditmanymod8 \
tst-auditmanymod9 \
@@ -327,7 +359,7 @@ index fd77d0c7c8..48788fcdb8 100644
tst-auditmod1 \
tst-auditmod9a \
tst-auditmod9b \
-@@ -834,6 +841,8 @@ modules-names += \
+@@ -834,6 +842,8 @@ modules-names += \
tst-dlmopen1mod \
tst-dlmopen-dlerror-mod \
tst-dlmopen-gethostbyname-mod \
@@ -336,7 +368,7 @@ index fd77d0c7c8..48788fcdb8 100644
tst-dlopenfaillinkmod \
tst-dlopenfailmod1 \
tst-dlopenfailmod2 \
-@@ -990,23 +999,8 @@ modules-names += tst-gnu2-tls1mod
+@@ -990,23 +1000,8 @@ modules-names += tst-gnu2-tls1mod
$(objpfx)tst-gnu2-tls1: $(objpfx)tst-gnu2-tls1mod.so
tst-gnu2-tls1mod.so-no-z-defs = yes
CFLAGS-tst-gnu2-tls1mod.c += -mtls-dialect=gnu2
@@ -361,7 +393,7 @@ index fd77d0c7c8..48788fcdb8 100644
ifeq (yes,$(have-protected-data))
modules-names += tst-protected1moda tst-protected1modb
tests += tst-protected1a tst-protected1b
-@@ -2410,6 +2404,11 @@ $(objpfx)tst-ldconfig-X.out : tst-ldconfig-X.sh $(objpfx)ldconfig
+@@ -2410,6 +2405,11 @@ $(objpfx)tst-ldconfig-X.out : tst-ldconfig-X.sh $(objpfx)ldconfig
'$(run-program-env)' > $@; \
$(evaluate-test)
@@ -373,7 +405,7 @@ index fd77d0c7c8..48788fcdb8 100644
# Test static linking of all the libraries we can possibly link
# together. Note that in some configurations this may be less than the
# complete list of libraries we build but we try to maxmimize this list.
-@@ -2967,3 +2966,25 @@ $(objpfx)tst-tls-allocation-failure-static-patched.out: \
+@@ -2967,3 +2967,25 @@ $(objpfx)tst-tls-allocation-failure-static-patched.out: \
grep -q '^Fatal glibc error: Cannot allocate TLS block$$' $@ \
&& grep -q '^status: 127$$' $@; \
$(evaluate-test)
@@ -415,6 +447,323 @@ index 8bbf110d02..b97c17b3a9 100644
return __strdup (temp);
}
+diff --git a/elf/dl-call_fini.c b/elf/dl-call_fini.c
+new file mode 100644
+index 0000000000..9e7ba10fa2
+--- /dev/null
++++ b/elf/dl-call_fini.c
+@@ -0,0 +1,50 @@
++/* Invoke DT_FINI and DT_FINI_ARRAY callbacks.
++ Copyright (C) 1996-2022 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <ldsodefs.h>
++#include <sysdep.h>
++
++void
++_dl_call_fini (void *closure_map)
++{
++ struct link_map *map = closure_map;
++
++ /* When debugging print a message first. */
++ if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_IMPCALLS))
++ _dl_debug_printf ("\ncalling fini: %s [%lu]\n\n", map->l_name, map->l_ns);
++
++ /* Make sure nothing happens if we are called twice. */
++ map->l_init_called = 0;
++
++ ElfW(Dyn) *fini_array = map->l_info[DT_FINI_ARRAY];
++ if (fini_array != NULL)
++ {
++ ElfW(Addr) *array = (ElfW(Addr) *) (map->l_addr
++ + fini_array->d_un.d_ptr);
++ size_t sz = (map->l_info[DT_FINI_ARRAYSZ]->d_un.d_val
++ / sizeof (ElfW(Addr)));
++
++ while (sz-- > 0)
++ ((fini_t) array[sz]) ();
++ }
++
++ /* Next try the old-style destructor. */
++ ElfW(Dyn) *fini = map->l_info[DT_FINI];
++ if (fini != NULL)
++ DL_CALL_DT_FINI (map, ((void *) map->l_addr + fini->d_un.d_ptr));
++}
+diff --git a/elf/dl-close.c b/elf/dl-close.c
+index bcd6e206e9..640bbd88c3 100644
+--- a/elf/dl-close.c
++++ b/elf/dl-close.c
+@@ -36,11 +36,6 @@
+
+ #include <dl-unmap-segments.h>
+
+-
+-/* Type of the constructor functions. */
+-typedef void (*fini_t) (void);
+-
+-
+ /* Special l_idx value used to indicate which objects remain loaded. */
+ #define IDX_STILL_USED -1
+
+@@ -110,31 +105,6 @@ remove_slotinfo (size_t idx, struct dtv_slotinfo_list *listp, size_t disp,
+ return false;
+ }
+
+-/* Invoke dstructors for CLOSURE (a struct link_map *). Called with
+- exception handling temporarily disabled, to make errors fatal. */
+-static void
+-call_destructors (void *closure)
+-{
+- struct link_map *map = closure;
+-
+- if (map->l_info[DT_FINI_ARRAY] != NULL)
+- {
+- ElfW(Addr) *array =
+- (ElfW(Addr) *) (map->l_addr
+- + map->l_info[DT_FINI_ARRAY]->d_un.d_ptr);
+- unsigned int sz = (map->l_info[DT_FINI_ARRAYSZ]->d_un.d_val
+- / sizeof (ElfW(Addr)));
+-
+- while (sz-- > 0)
+- ((fini_t) array[sz]) ();
+- }
+-
+- /* Next try the old-style destructor. */
+- if (map->l_info[DT_FINI] != NULL)
+- DL_CALL_DT_FINI (map, ((void *) map->l_addr
+- + map->l_info[DT_FINI]->d_un.d_ptr));
+-}
+-
+ void
+ _dl_close_worker (struct link_map *map, bool force)
+ {
+@@ -168,30 +138,31 @@ _dl_close_worker (struct link_map *map, bool force)
+
+ bool any_tls = false;
+ const unsigned int nloaded = ns->_ns_nloaded;
+- struct link_map *maps[nloaded];
+
+- /* Run over the list and assign indexes to the link maps and enter
+- them into the MAPS array. */
++ /* Run over the list and assign indexes to the link maps. */
+ int idx = 0;
+ for (struct link_map *l = ns->_ns_loaded; l != NULL; l = l->l_next)
+ {
+ l->l_map_used = 0;
+ l->l_map_done = 0;
+ l->l_idx = idx;
+- maps[idx] = l;
+ ++idx;
+ }
+ assert (idx == nloaded);
+
+- /* Keep track of the lowest index link map we have covered already. */
+- int done_index = -1;
+- while (++done_index < nloaded)
++ /* Keep marking link maps until no new link maps are found. */
++ for (struct link_map *l = ns->_ns_loaded; l != NULL; )
+ {
+- struct link_map *l = maps[done_index];
++ /* next is reset to earlier link maps for remarking. */
++ struct link_map *next = l->l_next;
++ int next_idx = l->l_idx + 1; /* next->l_idx, but covers next == NULL. */
+
+ if (l->l_map_done)
+- /* Already handled. */
+- continue;
++ {
++ /* Already handled. */
++ l = next;
++ continue;
++ }
+
+ /* Check whether this object is still used. */
+ if (l->l_type == lt_loaded
+@@ -201,7 +172,10 @@ _dl_close_worker (struct link_map *map, bool force)
+ acquire is sufficient and correct. */
+ && atomic_load_acquire (&l->l_tls_dtor_count) == 0
+ && !l->l_map_used)
+- continue;
++ {
++ l = next;
++ continue;
++ }
+
+ /* We need this object and we handle it now. */
+ l->l_map_used = 1;
+@@ -228,8 +202,11 @@ _dl_close_worker (struct link_map *map, bool force)
+ already processed it, then we need to go back
+ and process again from that point forward to
+ ensure we keep all of its dependencies also. */
+- if ((*lp)->l_idx - 1 < done_index)
+- done_index = (*lp)->l_idx - 1;
++ if ((*lp)->l_idx < next_idx)
++ {
++ next = *lp;
++ next_idx = next->l_idx;
++ }
+ }
+ }
+
+@@ -249,54 +226,65 @@ _dl_close_worker (struct link_map *map, bool force)
+ if (!jmap->l_map_used)
+ {
+ jmap->l_map_used = 1;
+- if (jmap->l_idx - 1 < done_index)
+- done_index = jmap->l_idx - 1;
++ if (jmap->l_idx < next_idx)
++ {
++ next = jmap;
++ next_idx = next->l_idx;
++ }
+ }
+ }
+ }
+- }
+
+- /* Sort the entries. We can skip looking for the binary itself which is
+- at the front of the search list for the main namespace. */
+- _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true);
++ l = next;
++ }
+
+- /* Call all termination functions at once. */
+- bool unload_any = false;
+- bool scope_mem_left = false;
+- unsigned int unload_global = 0;
+- unsigned int first_loaded = ~0;
+- for (unsigned int i = 0; i < nloaded; ++i)
++ /* Call the destructors in reverse constructor order, and remove the
++ closed link maps from the list. */
++ for (struct link_map **init_called_head = &_dl_init_called_list;
++ *init_called_head != NULL; )
+ {
+- struct link_map *imap = maps[i];
+-
+- /* All elements must be in the same namespace. */
+- assert (imap->l_ns == nsid);
++ struct link_map *imap = *init_called_head;
+
+- if (!imap->l_map_used)
++ /* _dl_init_called_list is global, to produce a global odering.
++ Ignore the other namespaces (and link maps that are still used). */
++ if (imap->l_ns != nsid || imap->l_map_used)
++ init_called_head = &imap->l_init_called_next;
++ else
+ {
+ assert (imap->l_type == lt_loaded && !imap->l_nodelete_active);
+
+- /* Call its termination function. Do not do it for
+- half-cooked objects. Temporarily disable exception
+- handling, so that errors are fatal. */
+- if (imap->l_init_called)
+- {
+- /* When debugging print a message first. */
+- if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_IMPCALLS,
+- 0))
+- _dl_debug_printf ("\ncalling fini: %s [%lu]\n\n",
+- imap->l_name, nsid);
+-
+- if (imap->l_info[DT_FINI_ARRAY] != NULL
+- || imap->l_info[DT_FINI] != NULL)
+- _dl_catch_exception (NULL, call_destructors, imap);
+- }
++ /* _dl_init_called_list is updated at the same time as
++ l_init_called. */
++ assert (imap->l_init_called);
++
++ if (imap->l_info[DT_FINI_ARRAY] != NULL
++ || imap->l_info[DT_FINI] != NULL)
++ _dl_catch_exception (NULL, _dl_call_fini, imap);
+
+ #ifdef SHARED
+ /* Auditing checkpoint: we remove an object. */
+ _dl_audit_objclose (imap);
+ #endif
++ /* Unlink this link map. */
++ *init_called_head = imap->l_init_called_next;
++ }
++ }
++
+
++ bool unload_any = false;
++ bool scope_mem_left = false;
++ unsigned int unload_global = 0;
++
++ /* For skipping un-unloadable link maps in the second loop. */
++ struct link_map *first_loaded = ns->_ns_loaded;
++
++ /* Iterate over the namespace to find objects to unload. Some
++ unloadable objects may not be on _dl_init_called_list due to
++ dlopen failure. */
++ for (struct link_map *imap = first_loaded; imap != NULL; imap = imap->l_next)
++ {
++ if (!imap->l_map_used)
++ {
+ /* This object must not be used anymore. */
+ imap->l_removed = 1;
+
+@@ -307,8 +295,8 @@ _dl_close_worker (struct link_map *map, bool force)
+ ++unload_global;
+
+ /* Remember where the first dynamically loaded object is. */
+- if (i < first_loaded)
+- first_loaded = i;
++ if (first_loaded == NULL)
++ first_loaded = imap;
+ }
+ /* Else imap->l_map_used. */
+ else if (imap->l_type == lt_loaded)
+@@ -444,8 +432,8 @@ _dl_close_worker (struct link_map *map, bool force)
+ imap->l_loader = NULL;
+
+ /* Remember where the first dynamically loaded object is. */
+- if (i < first_loaded)
+- first_loaded = i;
++ if (first_loaded == NULL)
++ first_loaded = imap;
+ }
+ }
+
+@@ -516,10 +504,11 @@ _dl_close_worker (struct link_map *map, bool force)
+
+ /* Check each element of the search list to see if all references to
+ it are gone. */
+- for (unsigned int i = first_loaded; i < nloaded; ++i)
++ for (struct link_map *imap = first_loaded; imap != NULL; )
+ {
+- struct link_map *imap = maps[i];
+- if (!imap->l_map_used)
++ if (imap->l_map_used)
++ imap = imap->l_next;
++ else
+ {
+ assert (imap->l_type == lt_loaded);
+
+@@ -730,7 +719,9 @@ _dl_close_worker (struct link_map *map, bool force)
+ if (imap == GL(dl_initfirst))
+ GL(dl_initfirst) = NULL;
+
++ struct link_map *next = imap->l_next;
+ free (imap);
++ imap = next;
+ }
+ }
+
diff --git a/elf/dl-find_object.c b/elf/dl-find_object.c
index 4d5831b6f4..2e5b456c11 100644
--- a/elf/dl-find_object.c
@@ -428,6 +777,218 @@ index 4d5831b6f4..2e5b456c11 100644
}
/* Object not found. */
+diff --git a/elf/dl-fini.c b/elf/dl-fini.c
+index 030b1fcbcd..50087a1bfc 100644
+--- a/elf/dl-fini.c
++++ b/elf/dl-fini.c
+@@ -21,155 +21,71 @@
+ #include <ldsodefs.h>
+ #include <elf-initfini.h>
+
+-
+-/* Type of the constructor functions. */
+-typedef void (*fini_t) (void);
+-
+-
+ void
+ _dl_fini (void)
+ {
+- /* Lots of fun ahead. We have to call the destructors for all still
+- loaded objects, in all namespaces. The problem is that the ELF
+- specification now demands that dependencies between the modules
+- are taken into account. I.e., the destructor for a module is
+- called before the ones for any of its dependencies.
+-
+- To make things more complicated, we cannot simply use the reverse
+- order of the constructors. Since the user might have loaded objects
+- using `dlopen' there are possibly several other modules with its
+- dependencies to be taken into account. Therefore we have to start
+- determining the order of the modules once again from the beginning. */
+-
+- /* We run the destructors of the main namespaces last. As for the
+- other namespaces, we pick run the destructors in them in reverse
+- order of the namespace ID. */
++ /* Call destructors strictly in the reverse order of constructors.
++ This causes fewer surprises than some arbitrary reordering based
++ on new (relocation) dependencies. None of the objects are
++ unmapped, so applications can deal with this if their DSOs remain
++ in a consistent state after destructors have run. */
++
++ /* Protect against concurrent loads and unloads. */
++ __rtld_lock_lock_recursive (GL(dl_load_lock));
++
++ /* Ignore objects which are opened during shutdown. */
++ struct link_map *local_init_called_list = _dl_init_called_list;
++
++ for (struct link_map *l = local_init_called_list; l != NULL;
++ l = l->l_init_called_next)
++ /* Bump l_direct_opencount of all objects so that they
++ are not dlclose()ed from underneath us. */
++ ++l->l_direct_opencount;
++
++ /* After this point, everything linked from local_init_called_list
++ cannot be unloaded because of the reference counter update. */
++ __rtld_lock_unlock_recursive (GL(dl_load_lock));
++
++ /* Perform two passes: One for non-audit modules, one for audit
++ modules. This way, audit modules receive unload notifications
++ for non-audit objects, and the destructors for audit modules
++ still run. */
+ #ifdef SHARED
+- int do_audit = 0;
+- again:
++ int last_pass = GLRO(dl_naudit) > 0;
++ Lmid_t last_ns = -1;
++ for (int do_audit = 0; do_audit <= last_pass; ++do_audit)
+ #endif
+- for (Lmid_t ns = GL(dl_nns) - 1; ns >= 0; --ns)
+- {
+- /* Protect against concurrent loads and unloads. */
+- __rtld_lock_lock_recursive (GL(dl_load_lock));
+-
+- unsigned int nloaded = GL(dl_ns)[ns]._ns_nloaded;
+- /* No need to do anything for empty namespaces or those used for
+- auditing DSOs. */
+- if (nloaded == 0
+-#ifdef SHARED
+- || GL(dl_ns)[ns]._ns_loaded->l_auditing != do_audit
+-#endif
+- )
+- __rtld_lock_unlock_recursive (GL(dl_load_lock));
+- else
+- {
+-#ifdef SHARED
+- _dl_audit_activity_nsid (ns, LA_ACT_DELETE);
+-#endif
+-
+- /* Now we can allocate an array to hold all the pointers and
+- copy the pointers in. */
+- struct link_map *maps[nloaded];
+-
+- unsigned int i;
+- struct link_map *l;
+- assert (nloaded != 0 || GL(dl_ns)[ns]._ns_loaded == NULL);
+- for (l = GL(dl_ns)[ns]._ns_loaded, i = 0; l != NULL; l = l->l_next)
+- /* Do not handle ld.so in secondary namespaces. */
+- if (l == l->l_real)
+- {
+- assert (i < nloaded);
+-
+- maps[i] = l;
+- l->l_idx = i;
+- ++i;
+-
+- /* Bump l_direct_opencount of all objects so that they
+- are not dlclose()ed from underneath us. */
+- ++l->l_direct_opencount;
+- }
+- assert (ns != LM_ID_BASE || i == nloaded);
+- assert (ns == LM_ID_BASE || i == nloaded || i == nloaded - 1);
+- unsigned int nmaps = i;
+-
+- /* Now we have to do the sorting. We can skip looking for the
+- binary itself which is at the front of the search list for
+- the main namespace. */
+- _dl_sort_maps (maps, nmaps, (ns == LM_ID_BASE), true);
+-
+- /* We do not rely on the linked list of loaded object anymore
+- from this point on. We have our own list here (maps). The
+- various members of this list cannot vanish since the open
+- count is too high and will be decremented in this loop. So
+- we release the lock so that some code which might be called
+- from a destructor can directly or indirectly access the
+- lock. */
+- __rtld_lock_unlock_recursive (GL(dl_load_lock));
+-
+- /* 'maps' now contains the objects in the right order. Now
+- call the destructors. We have to process this array from
+- the front. */
+- for (i = 0; i < nmaps; ++i)
+- {
+- struct link_map *l = maps[i];
+-
+- if (l->l_init_called)
+- {
+- /* Make sure nothing happens if we are called twice. */
+- l->l_init_called = 0;
+-
+- /* Is there a destructor function? */
+- if (l->l_info[DT_FINI_ARRAY] != NULL
+- || (ELF_INITFINI && l->l_info[DT_FINI] != NULL))
+- {
+- /* When debugging print a message first. */
+- if (__builtin_expect (GLRO(dl_debug_mask)
+- & DL_DEBUG_IMPCALLS, 0))
+- _dl_debug_printf ("\ncalling fini: %s [%lu]\n\n",
+- DSO_FILENAME (l->l_name),
+- ns);
+-
+- /* First see whether an array is given. */
+- if (l->l_info[DT_FINI_ARRAY] != NULL)
+- {
+- ElfW(Addr) *array =
+- (ElfW(Addr) *) (l->l_addr
+- + l->l_info[DT_FINI_ARRAY]->d_un.d_ptr);
+- unsigned int i = (l->l_info[DT_FINI_ARRAYSZ]->d_un.d_val
+- / sizeof (ElfW(Addr)));
+- while (i-- > 0)
+- ((fini_t) array[i]) ();
+- }
+-
+- /* Next try the old-style destructor. */
+- if (ELF_INITFINI && l->l_info[DT_FINI] != NULL)
+- DL_CALL_DT_FINI
+- (l, l->l_addr + l->l_info[DT_FINI]->d_un.d_ptr);
+- }
+-
++ for (struct link_map *l = local_init_called_list; l != NULL;
++ l = l->l_init_called_next)
++ {
+ #ifdef SHARED
+- /* Auditing checkpoint: another object closed. */
+- _dl_audit_objclose (l);
++ if (GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing != do_audit)
++ continue;
++
++ /* Avoid back-to-back calls of _dl_audit_activity_nsid for the
++ same namespace. */
++ if (last_ns != l->l_ns)
++ {
++ if (last_ns >= 0)
++ _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT);
++ _dl_audit_activity_nsid (l->l_ns, LA_ACT_DELETE);
++ last_ns = l->l_ns;
++ }
+ #endif
+- }
+
+- /* Correct the previous increment. */
+- --l->l_direct_opencount;
+- }
++ /* There is no need to re-enable exceptions because _dl_fini
++ is not called from a context where exceptions are caught. */
++ _dl_call_fini (l);
+
+ #ifdef SHARED
+- _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT);
++ /* Auditing checkpoint: another object closed. */
++ _dl_audit_objclose (l);
+ #endif
+- }
+- }
++ }
+
+ #ifdef SHARED
+- if (! do_audit && GLRO(dl_naudit) > 0)
+- {
+- do_audit = 1;
+- goto again;
+- }
++ if (last_ns >= 0)
++ _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT);
+
+ if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS))
+ _dl_debug_printf ("\nruntime linker statistics:\n"
diff --git a/elf/dl-hwcaps.c b/elf/dl-hwcaps.c
index 6f161f6ad5..92eb53790e 100644
--- a/elf/dl-hwcaps.c
@@ -464,6 +1025,96 @@ index 6f161f6ad5..92eb53790e 100644
struct r_strlenpair *overall_result
= malloc (*sz * sizeof (*result) + total);
if (overall_result == NULL)
+diff --git a/elf/dl-init.c b/elf/dl-init.c
+index deefeb099a..77b2edd838 100644
+--- a/elf/dl-init.c
++++ b/elf/dl-init.c
+@@ -21,14 +21,19 @@
+ #include <ldsodefs.h>
+ #include <elf-initfini.h>
+
++struct link_map *_dl_init_called_list;
+
+ static void
+ call_init (struct link_map *l, int argc, char **argv, char **env)
+ {
++ /* Do not run constructors for proxy objects. */
++ if (l != l->l_real)
++ return;
++
+ /* If the object has not been relocated, this is a bug. The
+ function pointers are invalid in this case. (Executables do not
+- need relocation, and neither do proxy objects.) */
+- assert (l->l_real->l_relocated || l->l_real->l_type == lt_executable);
++ need relocation.) */
++ assert (l->l_relocated || l->l_type == lt_executable);
+
+ if (l->l_init_called)
+ /* This object is all done. */
+@@ -38,6 +43,21 @@ call_init (struct link_map *l, int argc, char **argv, char **env)
+ dependency. */
+ l->l_init_called = 1;
+
++ /* Help an already-running dlclose: The just-loaded object must not
++ be removed during the current pass. (No effect if no dlclose in
++ progress.) */
++ l->l_map_used = 1;
++
++ /* Record execution before starting any initializers. This way, if
++ the initializers themselves call dlopen, their ELF destructors
++ will eventually be run before this object is destructed, matching
++ that their ELF constructors have run before this object was
++ constructed. _dl_fini uses this list for audit callbacks, so
++ register objects on the list even if they do not have a
++ constructor. */
++ l->l_init_called_next = _dl_init_called_list;
++ _dl_init_called_list = l;
++
+ /* Check for object which constructors we do not run here. */
+ if (__builtin_expect (l->l_name[0], 'a') == '\0'
+ && l->l_type == lt_executable)
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index 1ad0868dad..cb59c21ce7 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -1263,7 +1263,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd,
+
+ /* Now process the load commands and map segments into memory.
+ This is responsible for filling in:
+- l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr
++ l_map_start, l_map_end, l_addr, l_contiguous, l_phdr
+ */
+ errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds,
+ maplength, has_holes, loader);
+diff --git a/elf/dl-load.h b/elf/dl-load.h
+index f98d264e90..ebf7d74cd0 100644
+--- a/elf/dl-load.h
++++ b/elf/dl-load.h
+@@ -83,14 +83,11 @@ struct loadcmd
+
+ /* This is a subroutine of _dl_map_segments. It should be called for each
+ load command, some time after L->l_addr has been set correctly. It is
+- responsible for setting up the l_text_end and l_phdr fields. */
++ responsible for setting the l_phdr fields */
+ static __always_inline void
+ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header,
+ const struct loadcmd *c)
+ {
+- if (c->prot & PROT_EXEC)
+- l->l_text_end = l->l_addr + c->mapend;
+-
+ if (l->l_phdr == 0
+ && c->mapoff <= header->e_phoff
+ && ((size_t) (c->mapend - c->mapstart + c->mapoff)
+@@ -103,7 +100,7 @@ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header,
+
+ /* This is a subroutine of _dl_map_object_from_fd. It is responsible
+ for filling in several fields in *L: l_map_start, l_map_end, l_addr,
+- l_contiguous, l_text_end, l_phdr. On successful return, all the
++ l_contiguous, l_phdr. On successful return, all the
+ segments are mapped (or copied, or whatever) from the file into their
+ final places in the address space, with the correct page permissions,
+ and any bss-like regions already zeroed. It returns a null pointer
diff --git a/elf/dl-lookup.c b/elf/dl-lookup.c
index 4c86dc694e..67fb2e31e2 100644
--- a/elf/dl-lookup.c
@@ -663,6 +1314,42 @@ index 4af0b5b2ce..f45b630ba5 100644
call_function_static_weak (_dl_find_object_init);
+diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
+index 8e7ee9df10..76cf8b9da3 100644
+--- a/elf/dl-tunables.c
++++ b/elf/dl-tunables.c
+@@ -187,11 +187,7 @@ parse_tunables (char *tunestr, char *valstring)
+ /* If we reach the end of the string before getting a valid name-value
+ pair, bail out. */
+ if (p[len] == '\0')
+- {
+- if (__libc_enable_secure)
+- tunestr[off] = '\0';
+- return;
+- }
++ break;
+
+ /* We did not find a valid name-value pair before encountering the
+ colon. */
+@@ -251,9 +247,16 @@ parse_tunables (char *tunestr, char *valstring)
+ }
+ }
+
+- if (p[len] != '\0')
+- p += len + 1;
++ /* We reached the end while processing the tunable string. */
++ if (p[len] == '\0')
++ break;
++
++ p += len + 1;
+ }
++
++ /* Terminate tunestr before we leave. */
++ if (__libc_enable_secure)
++ tunestr[off] = '\0';
+ }
+ #endif
+
diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list
index e6a56b3070..9fa3b484cf 100644
--- a/elf/dl-tunables.list
@@ -686,20 +1373,34 @@ index e6a56b3070..9fa3b484cf 100644
+ }
}
diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def
-index 5f7f18ef27..4bf9052db1 100644
+index 5f7f18ef27..61dc54f8ae 100644
--- a/elf/dso-sort-tests-1.def
+++ b/elf/dso-sort-tests-1.def
-@@ -64,3 +64,10 @@ output: b>a>{}<a<b
+@@ -53,14 +53,14 @@ tst-dso-ordering10: {}->a->b->c;soname({})=c
+ output: b>a>{}<a<b
+
+ # Complex example from Bugzilla #15311, under-linked and with circular
+-# relocation(dynamic) dependencies. While this is technically unspecified, the
+-# presumed reasonable practical behavior is for the destructor order to respect
+-# the static DT_NEEDED links (here this means the a->b->c->d order).
+-# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based
+-# dynamic_sort=2 algorithm does, although it is still arguable whether going
+-# beyond spec to do this is the right thing to do.
+-# The below expected outputs are what the two algorithms currently produce
+-# respectively, for regression testing purposes.
++# relocation(dynamic) dependencies. For both sorting algorithms, the
++# destruction order is the reverse of the construction order, and
++# relocation dependencies are not taken into account.
tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c
- output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<c<d<g<f<b<e];}
- output(glibc.rtld.dynamic_sort=2): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<a<b<c<d<e];}
+-output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<a<c<d<g<f<b<e];}
+-output(glibc.rtld.dynamic_sort=2): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<a<b<c<d<e];}
++output: {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[<g<f<e<a<b<c<d];}
+
+# Test that even in the presence of dependency loops involving dlopen'ed
+# object, that object is initialized last (and not unloaded prematurely).
-+# Final destructor order is indeterminate due to the cycle.
++# Final destructor order is the opposite of constructor order.
+tst-bz28937: {+a;+b;-b;+c;%c};a->a1;a->a2;a2->a;b->b1;c->a1;c=>a1
-+output(glibc.rtld.dynamic_sort=1): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a<a2<c<a1
-+output(glibc.rtld.dynamic_sort=2): {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<a2<a<c<a1
++output: {+a[a2>a1>a>];+b[b1>b>];-b[<b<b1];+c[c>];%c(a1());}<c<a<a1<a2
diff --git a/elf/elf.h b/elf/elf.h
index 02a1b3f52f..014393f3cc 100644
--- a/elf/elf.h
@@ -732,10 +1433,44 @@ index ca00dd1fe2..3c5e273f2b 100644
else # -s
verbose :=
diff --git a/elf/rtld.c b/elf/rtld.c
-index cbbaf4a331..3e771a93d8 100644
+index cbbaf4a331..dd45930ff7 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
-@@ -2122,6 +2122,12 @@ dl_main (const ElfW(Phdr) *phdr,
+@@ -479,7 +479,6 @@ _dl_start_final (void *arg, struct dl_start_final_info *info)
+ GL(dl_rtld_map).l_real = &GL(dl_rtld_map);
+ GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start;
+ GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end;
+- GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext;
+ /* Copy the TLS related data if necessary. */
+ #ifndef DONT_USE_BOOTSTRAP_MAP
+ # if NO_TLS_OFFSET != 0
+@@ -1124,7 +1123,6 @@ rtld_setup_main_map (struct link_map *main_map)
+ bool has_interp = false;
+
+ main_map->l_map_end = 0;
+- main_map->l_text_end = 0;
+ /* Perhaps the executable has no PT_LOAD header entries at all. */
+ main_map->l_map_start = ~0;
+ /* And it was opened directly. */
+@@ -1216,8 +1214,6 @@ rtld_setup_main_map (struct link_map *main_map)
+ allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz;
+ if (main_map->l_map_end < allocend)
+ main_map->l_map_end = allocend;
+- if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end)
+- main_map->l_text_end = allocend;
+
+ /* The next expected address is the page following this load
+ segment. */
+@@ -1277,8 +1273,6 @@ rtld_setup_main_map (struct link_map *main_map)
+ = (char *) main_map->l_tls_initimage + main_map->l_addr;
+ if (! main_map->l_map_end)
+ main_map->l_map_end = ~0;
+- if (! main_map->l_text_end)
+- main_map->l_text_end = ~0;
+ if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name)
+ {
+ /* We were invoked directly, so the program might not have a
+@@ -2122,6 +2116,12 @@ dl_main (const ElfW(Phdr) *phdr,
if (l->l_faked)
/* The library was not found. */
_dl_printf ("\t%s => not found\n", l->l_libname->name);
@@ -748,6 +1483,127 @@ index cbbaf4a331..3e771a93d8 100644
else
_dl_printf ("\t%s => %s (0x%0*Zx)\n",
DSO_FILENAME (l->l_libname->name),
+diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h
+index c0807ea82b..415d5057c3 100644
+--- a/elf/setup-vdso.h
++++ b/elf/setup-vdso.h
+@@ -51,9 +51,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
+ l->l_addr = ph->p_vaddr;
+ if (ph->p_vaddr + ph->p_memsz >= l->l_map_end)
+ l->l_map_end = ph->p_vaddr + ph->p_memsz;
+- if ((ph->p_flags & PF_X)
+- && ph->p_vaddr + ph->p_memsz >= l->l_text_end)
+- l->l_text_end = ph->p_vaddr + ph->p_memsz;
+ }
+ else
+ /* There must be no TLS segment. */
+@@ -62,7 +59,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
+ l->l_map_start = (ElfW(Addr)) GLRO(dl_sysinfo_dso);
+ l->l_addr = l->l_map_start - l->l_addr;
+ l->l_map_end += l->l_addr;
+- l->l_text_end += l->l_addr;
+ l->l_ld = (void *) ((ElfW(Addr)) l->l_ld + l->l_addr);
+ elf_get_dynamic_info (l, false, false);
+ _dl_setup_hash (l);
+diff --git a/elf/tst-audit23.c b/elf/tst-audit23.c
+index 4904cf1340..f40760bd70 100644
+--- a/elf/tst-audit23.c
++++ b/elf/tst-audit23.c
+@@ -98,6 +98,8 @@ do_test (int argc, char *argv[])
+ char *lname;
+ uintptr_t laddr;
+ Lmid_t lmid;
++ uintptr_t cookie;
++ uintptr_t namespace;
+ bool closed;
+ } objs[max_objs] = { [0 ... max_objs-1] = { .closed = false } };
+ size_t nobjs = 0;
+@@ -117,6 +119,9 @@ do_test (int argc, char *argv[])
+ size_t buffer_length = 0;
+ while (xgetline (&buffer, &buffer_length, out))
+ {
++ *strchrnul (buffer, '\n') = '\0';
++ printf ("info: subprocess output: %s\n", buffer);
++
+ if (startswith (buffer, "la_activity: "))
+ {
+ uintptr_t cookie;
+@@ -125,29 +130,26 @@ do_test (int argc, char *argv[])
+ &cookie);
+ TEST_COMPARE (r, 2);
+
+- /* The cookie identifies the object at the head of the link map,
+- so we only add a new namespace if it changes from the previous
+- one. This works since dlmopen is the last in the test body. */
+- if (cookie != last_act_cookie && last_act_cookie != -1)
+- TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
+-
+ if (this_act == LA_ACT_ADD && acts[nacts] != cookie)
+ {
++ /* The cookie identifies the object at the head of the
++ link map, so we only add a new namespace if it
++ changes from the previous one. This works since
++ dlmopen is the last in the test body. */
++ if (cookie != last_act_cookie && last_act_cookie != -1)
++ TEST_COMPARE (last_act, LA_ACT_CONSISTENT);
++
+ acts[nacts++] = cookie;
+ last_act_cookie = cookie;
+ }
+- /* The LA_ACT_DELETE is called in the reverse order of LA_ACT_ADD
+- at program termination (if the tests adds a dlclose or a library
+- with extra dependencies this will need to be adapted). */
++ /* LA_ACT_DELETE is called multiple times for each
++ namespace, depending on destruction order. */
+ else if (this_act == LA_ACT_DELETE)
+- {
+- last_act_cookie = acts[--nacts];
+- TEST_COMPARE (acts[nacts], cookie);
+- acts[nacts] = 0;
+- }
++ last_act_cookie = cookie;
+ else if (this_act == LA_ACT_CONSISTENT)
+ {
+ TEST_COMPARE (cookie, last_act_cookie);
++ last_act_cookie = -1;
+
+ /* LA_ACT_DELETE must always be followed by an la_objclose. */
+ if (last_act == LA_ACT_DELETE)
+@@ -179,6 +181,8 @@ do_test (int argc, char *argv[])
+ objs[nobjs].lname = lname;
+ objs[nobjs].laddr = laddr;
+ objs[nobjs].lmid = lmid;
++ objs[nobjs].cookie = cookie;
++ objs[nobjs].namespace = last_act_cookie;
+ objs[nobjs].closed = false;
+ nobjs++;
+
+@@ -201,6 +205,12 @@ do_test (int argc, char *argv[])
+ if (strcmp (lname, objs[i].lname) == 0 && lmid == objs[i].lmid)
+ {
+ TEST_COMPARE (objs[i].closed, false);
++ TEST_COMPARE (objs[i].cookie, cookie);
++ if (objs[i].namespace == -1)
++ /* No LA_ACT_ADD before the first la_objopen call. */
++ TEST_COMPARE (acts[0], last_act_cookie);
++ else
++ TEST_COMPARE (objs[i].namespace, last_act_cookie);
+ objs[i].closed = true;
+ break;
+ }
+@@ -209,11 +219,7 @@ do_test (int argc, char *argv[])
+ /* la_objclose should be called after la_activity(LA_ACT_DELETE) for
+ the closed object's namespace. */
+ TEST_COMPARE (last_act, LA_ACT_DELETE);
+- if (!seen_first_objclose)
+- {
+- TEST_COMPARE (last_act_cookie, cookie);
+- seen_first_objclose = true;
+- }
++ seen_first_objclose = true;
+ }
+ }
+
diff --git a/elf/tst-auditmod28.c b/elf/tst-auditmod28.c
index db7ba95abe..9e0a122c38 100644
--- a/elf/tst-auditmod28.c
@@ -929,6 +1785,97 @@ index 0000000000..70c71fe19c
+}
+
+#include <support/test-driver.c>
+diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c
+index 88182b7b25..5e9e4c5756 100644
+--- a/elf/tst-env-setuid-tunables.c
++++ b/elf/tst-env-setuid-tunables.c
+@@ -52,6 +52,8 @@ const char *teststrings[] =
+ "glibc.malloc.perturb=0x800:not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096",
+ "glibc.not_valid.check=2:glibc.malloc.mmap_threshold=4096",
+ "not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096",
++ "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
++ "glibc.malloc.check=2",
+ "glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096:glibc.malloc.check=2",
+ "glibc.malloc.check=4:glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096",
+ ":glibc.malloc.garbage=2:glibc.malloc.check=1",
+@@ -70,6 +72,8 @@ const char *resultstrings[] =
+ "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096",
+ "glibc.malloc.mmap_threshold=4096",
+ "glibc.malloc.mmap_threshold=4096",
++ "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096",
++ "",
+ "",
+ "",
+ "",
+@@ -84,11 +88,18 @@ test_child (int off)
+ const char *val = getenv ("GLIBC_TUNABLES");
+
+ #if HAVE_TUNABLES
++ printf (" [%d] GLIBC_TUNABLES is %s\n", off, val);
++ fflush (stdout);
+ if (val != NULL && strcmp (val, resultstrings[off]) == 0)
+ return 0;
+
+ if (val != NULL)
+- printf ("[%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val);
++ printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n",
++ off, val, resultstrings[off]);
++ else
++ printf (" [%d] GLIBC_TUNABLES environment variable absent\n", off);
++
++ fflush (stdout);
+
+ return 1;
+ #else
+@@ -117,21 +128,26 @@ do_test (int argc, char **argv)
+ if (ret != 0)
+ exit (1);
+
+- exit (EXIT_SUCCESS);
++ /* Special return code to make sure that the child executed all the way
++ through. */
++ exit (42);
+ }
+ else
+ {
+- int ret = 0;
+-
+ /* Spawn tests. */
+ for (int i = 0; i < array_length (teststrings); i++)
+ {
+ char buf[INT_BUFSIZE_BOUND (int)];
+
+- printf ("Spawned test for %s (%d)\n", teststrings[i], i);
++ printf ("[%d] Spawned test for %s\n", i, teststrings[i]);
+ snprintf (buf, sizeof (buf), "%d\n", i);
++ fflush (stdout);
+ if (setenv ("GLIBC_TUNABLES", teststrings[i], 1) != 0)
+- exit (1);
++ {
++ printf (" [%d] Failed to set GLIBC_TUNABLES: %m", i);
++ support_record_failure ();
++ continue;
++ }
+
+ int status = support_capture_subprogram_self_sgid (buf);
+
+@@ -139,9 +155,14 @@ do_test (int argc, char **argv)
+ if (WEXITSTATUS (status) == EXIT_UNSUPPORTED)
+ return EXIT_UNSUPPORTED;
+
+- ret |= status;
++ if (WEXITSTATUS (status) != 42)
++ {
++ printf (" [%d] child failed with status %d\n", i,
++ WEXITSTATUS (status));
++ support_record_failure ();
++ }
+ }
+- return ret;
++ return 0;
+ }
+ }
+
diff --git a/elf/tst-ldconfig-p.sh b/elf/tst-ldconfig-p.sh
new file mode 100644
index 0000000000..ec937bf4ec
@@ -1654,6 +2601,23 @@ index 0000000000..00b1b93342
+++ b/include/bits/wchar2-decl.h
@@ -0,0 +1 @@
+#include <wcsmbs/bits/wchar2-decl.h>
+diff --git a/include/link.h b/include/link.h
+index 0ac82d7c77..4eb8fe0d96 100644
+--- a/include/link.h
++++ b/include/link.h
+@@ -253,8 +253,10 @@ struct link_map
+ /* Start and finish of memory map for this object. l_map_start
+ need not be the same as l_addr. */
+ ElfW(Addr) l_map_start, l_map_end;
+- /* End of the executable part of the mapping. */
+- ElfW(Addr) l_text_end;
++
++ /* Linked list of objects in reverse ELF constructor execution
++ order. Head of list is stored in _dl_init_called_list. */
++ struct link_map *l_init_called_next;
+
+ /* Default array for 'l_scope'. */
+ struct r_scope_elem *l_scope_mem[4];
diff --git a/include/resolv.h b/include/resolv.h
index 3590b6f496..4dbbac3800 100644
--- a/include/resolv.h
@@ -1668,19 +2632,36 @@ index 3590b6f496..4dbbac3800 100644
# endif /* _RESOLV_H_ && !_ISOMAC */
#endif
diff --git a/io/Makefile b/io/Makefile
-index b1710407d0..fb363c612c 100644
+index b1710407d0..b896484320 100644
--- a/io/Makefile
+++ b/io/Makefile
-@@ -80,7 +80,8 @@ tests := test-utime test-stat test-stat2 test-lfs tst-getcwd \
+@@ -59,6 +59,7 @@ routines := \
+ ftw64-time64 \
+ closefrom close_range
+
++
+ others := pwd
+ test-srcs := ftwtest ftwtest-time64
+ tests := test-utime test-stat test-stat2 test-lfs tst-getcwd \
+@@ -80,7 +81,9 @@ tests := test-utime test-stat test-stat2 test-lfs tst-getcwd \
tst-utimensat \
tst-closefrom \
tst-close_range \
- tst-ftw-bz28126
+ tst-ftw-bz28126 \
-+ tst-fcntl-lock
++ tst-fcntl-lock \
++ tst-fcntl-lock-lfs
tests-time64 := \
tst-fcntl-time64 \
+diff --git a/io/tst-fcntl-lock-lfs.c b/io/tst-fcntl-lock-lfs.c
+new file mode 100644
+index 0000000000..f2a909fb02
+--- /dev/null
++++ b/io/tst-fcntl-lock-lfs.c
+@@ -0,0 +1,2 @@
++#define _FILE_OFFSET_BITS 64
++#include <io/tst-fcntl-lock.c>
diff --git a/io/tst-fcntl-lock.c b/io/tst-fcntl-lock.c
new file mode 100644
index 0000000000..357c4b7b56
@@ -2480,6 +3461,93 @@ index 9becb62033..31c64275f0 100644
map = __nscd_get_mapping (GETFDHST, "hosts", &__hst_map_handle.mapped);
if (map == NO_MAPPING)
+diff --git a/nss/Makefile b/nss/Makefile
+index a978e3927a..7a52c68791 100644
+--- a/nss/Makefile
++++ b/nss/Makefile
+@@ -81,6 +81,7 @@ tests-container := \
+ tst-nss-test3 \
+ tst-reload1 \
+ tst-reload2 \
++ tst-nss-gai-hv2-canonname \
+ # tests-container
+
+ # Tests which need libdl
+@@ -144,7 +145,17 @@ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes))
+ ifeq ($(build-static-nss),yes)
+ tests-static += tst-nss-static
+ endif
+-extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os
++extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \
++ nss_test_gai_hv2_canonname.os
++
++ifeq ($(run-built-tests),yes)
++ifneq (no,$(PERL))
++tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out
++endif
++endif
++
++generated += mtrace-tst-nss-gai-hv2-canonname.out \
++ tst-nss-gai-hv2-canonname.mtrace
+
+ include ../Rules
+
+@@ -179,12 +190,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver
+ libof-nss_test1 = extramodules
+ libof-nss_test2 = extramodules
+ libof-nss_test_errno = extramodules
++libof-nss_test_gai_hv2_canonname = extramodules
+ $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps)
+ $(build-module)
+ $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps)
+ $(build-module)
+ $(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps)
+ $(build-module)
++$(objpfx)/libnss_test_gai_hv2_canonname.so: \
++ $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps)
++ $(build-module)
+ $(objpfx)nss_test2.os : nss_test1.c
+ # Use the nss_files suffix for these objects as well.
+ $(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so
+@@ -194,10 +209,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so
+ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \
+ $(objpfx)/libnss_test_errno.so
+ $(make-link)
++$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \
++ $(objpfx)/libnss_test_gai_hv2_canonname.so
++ $(make-link)
+ $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \
+ $(objpfx)/libnss_test1.so$(libnss_files.so-version) \
+ $(objpfx)/libnss_test2.so$(libnss_files.so-version) \
+- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version)
++ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \
++ $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version)
+
+ ifeq (yes,$(have-thread-library))
+ $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library)
+@@ -206,6 +225,17 @@ endif
+ $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
+ $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so
+
++tst-nss-gai-hv2-canonname-ENV = \
++ MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \
++ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so
++$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \
++ $(objpfx)tst-nss-gai-hv2-canonname.out
++ { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \
++ || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \
++ && $(common-objpfx)malloc/mtrace \
++ $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \
++ $(evaluate-test)
++
+ # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS
+ # functions can load testing NSS modules via DT_RPATH.
+ LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags
+@@ -214,3 +244,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags
+ LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags
+ LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags
+ LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags
++LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags
diff --git a/nss/getent.c b/nss/getent.c
index 8178b4b470..d2d2524b0c 100644
--- a/nss/getent.c
@@ -2523,6 +3591,68 @@ index 8178b4b470..d2d2524b0c 100644
default:
return ARGP_ERR_UNKNOWN;
}
+diff --git a/nss/nss_test_gai_hv2_canonname.c b/nss/nss_test_gai_hv2_canonname.c
+new file mode 100644
+index 0000000000..4439c83c9f
+--- /dev/null
++++ b/nss/nss_test_gai_hv2_canonname.c
+@@ -0,0 +1,56 @@
++/* NSS service provider that only provides gethostbyname2_r.
++ Copyright The GNU Toolchain Authors.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <nss.h>
++#include <stdlib.h>
++#include <string.h>
++#include "nss/tst-nss-gai-hv2-canonname.h"
++
++/* Catch misnamed and functions. */
++#pragma GCC diagnostic error "-Wmissing-prototypes"
++NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname)
++
++extern enum nss_status _nss_files_gethostbyname2_r (const char *, int,
++ struct hostent *, char *,
++ size_t, int *, int *);
++
++enum nss_status
++_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af,
++ struct hostent *result,
++ char *buffer, size_t buflen,
++ int *errnop, int *herrnop)
++{
++ return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, errnop,
++ herrnop);
++}
++
++enum nss_status
++_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer,
++ size_t buflen, char **result,
++ int *errnop, int *h_errnop)
++{
++ /* We expect QUERYNAME, which is a small enough string that it shouldn't fail
++ the test. */
++ if (memcmp (QUERYNAME, name, sizeof (QUERYNAME))
++ || buflen < sizeof (QUERYNAME))
++ abort ();
++
++ strncpy (buffer, name, buflen);
++ *result = buffer;
++ return NSS_STATUS_SUCCESS;
++}
diff --git a/nss/tst-nss-files-hosts-long.c b/nss/tst-nss-files-hosts-long.c
index 3942cf5fca..a7697e3143 100644
--- a/nss/tst-nss-files-hosts-long.c
@@ -2547,6 +3677,96 @@ index 3942cf5fca..a7697e3143 100644
if (ret != 0)
FAIL_EXIT1("ahostsv6 failed");
+diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c
+new file mode 100644
+index 0000000000..7db53cf09d
+--- /dev/null
++++ b/nss/tst-nss-gai-hv2-canonname.c
+@@ -0,0 +1,66 @@
++/* Test NSS query path for plugins that only implement gethostbyname2
++ (#30843).
++ Copyright The GNU Toolchain Authors.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <nss.h>
++#include <netdb.h>
++#include <stdlib.h>
++#include <string.h>
++#include <mcheck.h>
++#include <support/check.h>
++#include <support/xstdio.h>
++#include "nss/tst-nss-gai-hv2-canonname.h"
++
++#define PREPARE do_prepare
++
++static void do_prepare (int a, char **av)
++{
++ FILE *hosts = xfopen ("/etc/hosts", "w");
++ for (unsigned i = 2; i < 255; i++)
++ {
++ fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i);
++ fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i);
++ }
++ xfclose (hosts);
++}
++
++static int
++do_test (void)
++{
++ mtrace ();
++
++ __nss_configure_lookup ("hosts", "test_gai_hv2_canonname");
++
++ struct addrinfo hints = {};
++ struct addrinfo *result = NULL;
++
++ hints.ai_family = AF_INET6;
++ hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME;
++
++ int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result);
++
++ if (ret != 0)
++ FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret));
++
++ TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME);
++
++ freeaddrinfo(result);
++ return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/nss/tst-nss-gai-hv2-canonname.h b/nss/tst-nss-gai-hv2-canonname.h
+new file mode 100644
+index 0000000000..14f2a9cb08
+--- /dev/null
++++ b/nss/tst-nss-gai-hv2-canonname.h
+@@ -0,0 +1 @@
++#define QUERYNAME "test.example.com"
+diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req b/nss/tst-nss-gai-hv2-canonname.root/postclean.req
+new file mode 100644
+index 0000000000..e69de29bb2
+diff --git a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
+new file mode 100644
+index 0000000000..31848b4a28
+--- /dev/null
++++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script
+@@ -0,0 +1,2 @@
++cp $B/nss/libnss_test_gai_hv2_canonname.so $L/libnss_test_gai_hv2_canonname.so.2
++su
diff --git a/nss/tst-reload1.c b/nss/tst-reload1.c
index fdc5bdd65b..bc32bb132a 100644
--- a/nss/tst-reload1.c
@@ -2582,7 +3802,7 @@ index fdc5bdd65b..bc32bb132a 100644
static struct hostent host_table_2[] = {
diff --git a/resolv/Makefile b/resolv/Makefile
-index 5b15321f9b..f8a92c6cff 100644
+index 5b15321f9b..28cedf49ee 100644
--- a/resolv/Makefile
+++ b/resolv/Makefile
@@ -40,12 +40,16 @@ routines := \
@@ -2602,7 +3822,7 @@ index 5b15321f9b..f8a92c6cff 100644
ns_samename \
nsap_addr \
nss_dns_functions \
-@@ -89,9 +93,12 @@ tests += \
+@@ -89,11 +93,15 @@ tests += \
tst-ns_name_pton \
tst-res_hconf_reorder \
tst-res_hnok \
@@ -2614,8 +3834,11 @@ index 5b15321f9b..f8a92c6cff 100644
+ tst-resolv-invalid-cname \
tst-resolv-network \
tst-resolv-noaaaa \
++ tst-resolv-noaaaa-vc \
tst-resolv-nondecimal \
-@@ -104,6 +111,18 @@ tests += \
+ tst-resolv-res_init-multi \
+ tst-resolv-search \
+@@ -104,6 +112,18 @@ tests += \
tests-internal += tst-resolv-txnid-collision
tests-static += tst-resolv-txnid-collision
@@ -2634,7 +3857,7 @@ index 5b15321f9b..f8a92c6cff 100644
# These tests need libdl.
ifeq (yes,$(build-shared))
tests += \
-@@ -258,8 +277,10 @@ $(objpfx)tst-resolv-ai_idn.out: $(gen-locales)
+@@ -258,8 +278,10 @@ $(objpfx)tst-resolv-ai_idn.out: $(gen-locales)
$(objpfx)tst-resolv-ai_idn-latin1.out: $(gen-locales)
$(objpfx)tst-resolv-ai_idn-nolibidn2.out: \
$(gen-locales) $(objpfx)tst-no-libidn2.so
@@ -2645,15 +3868,17 @@ index 5b15321f9b..f8a92c6cff 100644
$(objpfx)tst-resolv-edns: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-network: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-res_init: $(objpfx)libresolv.so
-@@ -267,6 +288,8 @@ $(objpfx)tst-resolv-res_init-multi: $(objpfx)libresolv.so \
+@@ -267,7 +289,10 @@ $(objpfx)tst-resolv-res_init-multi: $(objpfx)libresolv.so \
$(shared-thread-library)
$(objpfx)tst-resolv-res_init-thread: $(objpfx)libresolv.so \
$(shared-thread-library)
+$(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \
+ $(shared-thread-library)
$(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library)
++$(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+ $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
diff --git a/resolv/README b/resolv/README
index 514e9bb617..2146bc3b27 100644
--- a/resolv/README
@@ -3118,7 +4343,7 @@ index 0000000000..9a47d8e97a
+ return *a == 0 && *b == 0;
+}
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index 544cffbecd..9fa81f23c8 100644
+index 544cffbecd..227734da5c 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -69,6 +69,7 @@
@@ -3392,7 +4617,7 @@ index 544cffbecd..9fa81f23c8 100644
- host_buffer.buf->buf, 2048, NULL,
- NULL, NULL, NULL, NULL);
+ dns_packet_buffer, sizeof (dns_packet_buffer),
-+ NULL, NULL, NULL, NULL, NULL);
++ &alt_dns_packet_buffer, NULL, NULL, NULL, NULL);
if (n >= 0)
- status = gaih_getanswer_noaaaa (host_buffer.buf, n,
- name, pat, buffer, buflen,
@@ -6081,6 +7306,141 @@ index 0000000000..05725225af
+ resolv_response_add_data (b, "", 1);
+ resolv_response_close_record (b);
+}
+diff --git a/resolv/tst-resolv-noaaaa-vc.c b/resolv/tst-resolv-noaaaa-vc.c
+new file mode 100644
+index 0000000000..9f5aebd99f
+--- /dev/null
++++ b/resolv/tst-resolv-noaaaa-vc.c
+@@ -0,0 +1,129 @@
++/* Test the RES_NOAAAA resolver option with a large response.
++ Copyright (C) 2022-2023 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <netdb.h>
++#include <resolv.h>
++#include <stdbool.h>
++#include <stdlib.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++#include <support/xmemstream.h>
++
++/* Used to keep track of the number of queries. */
++static volatile unsigned int queries;
++
++/* If true, add a large TXT record at the start of the answer section. */
++static volatile bool stuff_txt;
++
++static void
++response (const struct resolv_response_context *ctx,
++ struct resolv_response_builder *b,
++ const char *qname, uint16_t qclass, uint16_t qtype)
++{
++ /* If not using TCP, just force its use. */
++ if (!ctx->tcp)
++ {
++ struct resolv_response_flags flags = {.tc = true};
++ resolv_response_init (b, flags);
++ resolv_response_add_question (b, qname, qclass, qtype);
++ return;
++ }
++
++ /* The test needs to send four queries, the first three are used to
++ grow the NSS buffer via the ERANGE handshake. */
++ ++queries;
++ TEST_VERIFY (queries <= 4);
++
++ /* AAAA queries are supposed to be disabled. */
++ TEST_COMPARE (qtype, T_A);
++ TEST_COMPARE (qclass, C_IN);
++ TEST_COMPARE_STRING (qname, "example.com");
++
++ struct resolv_response_flags flags = {};
++ resolv_response_init (b, flags);
++ resolv_response_add_question (b, qname, qclass, qtype);
++
++ resolv_response_section (b, ns_s_an);
++
++ if (stuff_txt)
++ {
++ resolv_response_open_record (b, qname, qclass, T_TXT, 60);
++ int zero = 0;
++ for (int i = 0; i <= 15000; ++i)
++ resolv_response_add_data (b, &zero, sizeof (zero));
++ resolv_response_close_record (b);
++ }
++
++ for (int i = 0; i < 200; ++i)
++ {
++ resolv_response_open_record (b, qname, qclass, qtype, 60);
++ char ipv4[4] = {192, 0, 2, i + 1};
++ resolv_response_add_data (b, &ipv4, sizeof (ipv4));
++ resolv_response_close_record (b);
++ }
++}
++
++static int
++do_test (void)
++{
++ struct resolv_test *obj = resolv_test_start
++ ((struct resolv_redirect_config)
++ {
++ .response_callback = response
++ });
++
++ _res.options |= RES_NOAAAA;
++
++ for (int do_stuff_txt = 0; do_stuff_txt < 2; ++do_stuff_txt)
++ {
++ queries = 0;
++ stuff_txt = do_stuff_txt;
++
++ struct addrinfo *ai = NULL;
++ int ret;
++ ret = getaddrinfo ("example.com", "80",
++ &(struct addrinfo)
++ {
++ .ai_family = AF_UNSPEC,
++ .ai_socktype = SOCK_STREAM,
++ }, &ai);
++
++ char *expected_result;
++ {
++ struct xmemstream mem;
++ xopen_memstream (&mem);
++ for (int i = 0; i < 200; ++i)
++ fprintf (mem.out, "address: STREAM/TCP 192.0.2.%d 80\n", i + 1);
++ xfclose_memstream (&mem);
++ expected_result = mem.buffer;
++ }
++
++ check_addrinfo ("example.com", ai, ret, expected_result);
++
++ free (expected_result);
++ freeaddrinfo (ai);
++ }
++
++ resolv_test_end (obj);
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/scripts/dso-ordering-test.py b/scripts/dso-ordering-test.py
index 2dd6bfda18..b87cf2f809 100644
--- a/scripts/dso-ordering-test.py
@@ -6837,14 +8197,37 @@ index 909b208578..d66f0b9c45 100644
ldp q2, q3, [x29, #OFFSET_RV + DL_OFFSET_RV_V0 + 32*1]
ldp q4, q5, [x29, #OFFSET_RV + DL_OFFSET_RV_V0 + 32*2]
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
-index 050a3032de..6b256b8388 100644
+index 050a3032de..ab8a7fbf84 100644
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
-@@ -1048,9 +1048,11 @@ extern void _dl_init (struct link_map *main_map, int argc, char **argv,
+@@ -105,6 +105,9 @@ typedef struct link_map *lookup_t;
+ DT_PREINIT_ARRAY. */
+ typedef void (*dl_init_t) (int, char **, char **);
+
++/* Type of a constructor function, in DT_FINI, DT_FINI_ARRAY. */
++typedef void (*fini_t) (void);
++
+ /* On some architectures a pointer to a function is not just a pointer
+ to the actual code of the function but rather an architecture
+ specific descriptor. */
+@@ -1044,13 +1047,24 @@ extern int _dl_check_map_versions (struct link_map *map, int verbose,
+ extern void _dl_init (struct link_map *main_map, int argc, char **argv,
+ char **env) attribute_hidden;
+
++/* List of ELF objects in reverse order of their constructor
++ invocation. */
++extern struct link_map *_dl_init_called_list attribute_hidden;
++
+ /* Call the finalizer functions of all shared objects whose
initializer functions have completed. */
extern void _dl_fini (void) attribute_hidden;
-/* Sort array MAPS according to dependencies of the contained objects. */
++/* Invoke the DT_FINI_ARRAY and DT_FINI destructors for MAP, which
++ must be a struct link_map *. Can be used as an argument to
++ _dl_catch_exception. */
++void _dl_call_fini (void *map) attribute_hidden;
++
+/* Sort array MAPS according to dependencies of the contained objects.
+ If FORCE_FIRST, MAPS[0] keeps its place even if the dependencies
+ say otherwise. */
@@ -7130,10 +8513,81 @@ index d3a6837fd2..425f514c5c 100644
typedef pthread_rwlock_t __libc_rwlock_t;
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
-index bcff909b2f..5cda9bb072 100644
+index bcff909b2f..f975dcd2bc 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
-@@ -540,11 +540,11 @@ get_nscd_addresses (const char *name, const struct addrinfo *req,
+@@ -120,6 +120,7 @@ struct gaih_result
+ {
+ struct gaih_addrtuple *at;
+ char *canon;
++ char *h_name;
+ bool free_at;
+ bool got_ipv6;
+ };
+@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res)
+ if (res->free_at)
+ free (res->at);
+ free (res->canon);
++ free (res->h_name);
+ memset (res, 0, sizeof (*res));
+ }
+
+@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ return 0;
+ }
+
+-/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name
+- is not copied, and the struct hostent object must not be deallocated
+- prematurely. The new addresses are appended to the tuple array in RES. */
++/* Convert struct hostent to a list of struct gaih_addrtuple objects. The new
++ addresses are appended to the tuple array in RES. */
+ static bool
+ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
+ struct hostent *h, struct gaih_result *res)
+@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
+ res->at = array;
+ res->free_at = true;
+
++ /* Duplicate h_name because it may get reclaimed when the underlying storage
++ is freed. */
++ if (res->h_name == NULL)
++ {
++ res->h_name = __strdup (h->h_name);
++ if (res->h_name == NULL)
++ return false;
++ }
++
+ /* Update the next pointers on reallocation. */
+ for (size_t i = 0; i < old; i++)
+ array[i].next = array + i + 1;
+@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family,
+ }
+ array[i].next = array + i + 1;
+ }
+- array[0].name = h->h_name;
+ array[count - 1].next = NULL;
+
+ return true;
+@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name,
+ memory allocation failure. The returned string is allocated on the
+ heap; the caller has to free it. */
+ static char *
+-getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name)
++getcanonname (nss_action_list nip, const char *hname, const char *name)
+ {
+ nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r");
+ char *s = (char *) name;
+ if (cfct != NULL)
+ {
+ char buf[256];
+- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf),
+- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS)
++ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno,
++ &h_errno)) != NSS_STATUS_SUCCESS)
+ /* If the canonical name cannot be determined, use the passed
+ string. */
+ s = (char *) name;
+@@ -540,11 +549,11 @@ get_nscd_addresses (const char *name, const struct addrinfo *req,
at[count].addr[2] = htonl (0xffff);
}
else if (req->ai_family == AF_UNSPEC
@@ -7148,6 +8602,26 @@ index bcff909b2f..5cda9bb072 100644
res->got_ipv6 = true;
}
at[count].next = at + count + 1;
+@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
+ if ((req->ai_flags & AI_CANONNAME) != 0
+ && res->canon == NULL)
+ {
+- char *canonbuf = getcanonname (nip, res->at, name);
++ char *canonbuf = getcanonname (nip, res->h_name, name);
+ if (canonbuf == NULL)
+ {
+ __resolv_context_put (res_ctx);
+@@ -1187,9 +1196,7 @@ free_and_return:
+ if (malloc_name)
+ free ((char *) name);
+ free (addrmem);
+- if (res.free_at)
+- free (res.at);
+- free (res.canon);
++ gaih_result_reset (&res);
+
+ return result;
+ }
diff --git a/sysdeps/posix/system.c b/sysdeps/posix/system.c
index 8014f63355..20c9420dd4 100644
--- a/sysdeps/posix/system.c
@@ -8302,14 +9776,14 @@ index a263d294b1..cf35c8bfc9 100644
{
return INLINE_SYSCALL_CALL (getrandom, buf, buflen, flags);
diff --git a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h
-index d7cf158b33..49c8fac0fb 100644
+index d7cf158b33..0ca6e69ee9 100644
--- a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h
+++ b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h
@@ -33,6 +33,12 @@
# define __O_LARGEFILE 0200000
#endif
-+#if __WORDSIZE == 64
++#if __WORDSIZE == 64 && !defined __USE_FILE_OFFSET64
+# define F_GETLK 5
+# define F_SETLK 6
+# define F_SETLKW 7
@@ -8953,13 +10427,205 @@ index 037af22290..5711d1c312 100644
char *path = xasprintf ("/proc/%d/fd/%d", pid, remote_fd);
diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h
-index e9f3382108..637b5a022d 100644
+index e9f3382108..d95c1efa2c 100644
--- a/sysdeps/x86/dl-cacheinfo.h
+++ b/sysdeps/x86/dl-cacheinfo.h
-@@ -861,6 +861,18 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
- share of the cache, it has a substantial risk of negatively
- impacting the performance of other threads running on the chip. */
- unsigned long int non_temporal_threshold = shared * 3 / 4;
+@@ -478,7 +478,7 @@ handle_zhaoxin (int name)
+ }
+
+ static void
+-get_common_cache_info (long int *shared_ptr, unsigned int *threads_ptr,
++get_common_cache_info (long int *shared_ptr, long int * shared_per_thread_ptr, unsigned int *threads_ptr,
+ long int core)
+ {
+ unsigned int eax;
+@@ -497,6 +497,7 @@ get_common_cache_info (long int *shared_ptr, unsigned int *threads_ptr,
+ unsigned int family = cpu_features->basic.family;
+ unsigned int model = cpu_features->basic.model;
+ long int shared = *shared_ptr;
++ long int shared_per_thread = *shared_per_thread_ptr;
+ unsigned int threads = *threads_ptr;
+ bool inclusive_cache = true;
+ bool support_count_mask = true;
+@@ -512,6 +513,7 @@ get_common_cache_info (long int *shared_ptr, unsigned int *threads_ptr,
+ /* Try L2 otherwise. */
+ level = 2;
+ shared = core;
++ shared_per_thread = core;
+ threads_l2 = 0;
+ threads_l3 = -1;
+ }
+@@ -668,29 +670,27 @@ get_common_cache_info (long int *shared_ptr, unsigned int *threads_ptr,
+ }
+ else
+ {
+-intel_bug_no_cache_info:
+- /* Assume that all logical threads share the highest cache
+- level. */
+- threads
+- = ((cpu_features->features[CPUID_INDEX_1].cpuid.ebx >> 16)
+- & 0xff);
+- }
+-
+- /* Cap usage of highest cache level to the number of supported
+- threads. */
+- if (shared > 0 && threads > 0)
+- shared /= threads;
++ intel_bug_no_cache_info:
++ /* Assume that all logical threads share the highest cache
++ level. */
++ threads = ((cpu_features->features[CPUID_INDEX_1].cpuid.ebx >> 16)
++ & 0xff);
++ }
++ /* Get per-thread size of highest level cache. */
++ if (shared_per_thread > 0 && threads > 0)
++ shared_per_thread /= threads;
+ }
+
+ /* Account for non-inclusive L2 and L3 caches. */
+ if (!inclusive_cache)
+ {
+- if (threads_l2 > 0)
+- core /= threads_l2;
++ long int core_per_thread = threads_l2 > 0 ? (core / threads_l2) : core;
++ shared_per_thread += core_per_thread;
+ shared += core;
+ }
+
+ *shared_ptr = shared;
++ *shared_per_thread_ptr = shared_per_thread;
+ *threads_ptr = threads;
+ }
+
+@@ -704,6 +704,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+ int max_cpuid_ex;
+ long int data = -1;
+ long int shared = -1;
++ long int shared_per_thread = -1;
+ long int core = -1;
+ unsigned int threads = 0;
+ unsigned long int level1_icache_size = -1;
+@@ -724,6 +725,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+ data = handle_intel (_SC_LEVEL1_DCACHE_SIZE, cpu_features);
+ core = handle_intel (_SC_LEVEL2_CACHE_SIZE, cpu_features);
+ shared = handle_intel (_SC_LEVEL3_CACHE_SIZE, cpu_features);
++ shared_per_thread = shared;
+
+ level1_icache_size
+ = handle_intel (_SC_LEVEL1_ICACHE_SIZE, cpu_features);
+@@ -747,13 +749,14 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+ level4_cache_size
+ = handle_intel (_SC_LEVEL4_CACHE_SIZE, cpu_features);
+
+- get_common_cache_info (&shared, &threads, core);
++ get_common_cache_info (&shared, &shared_per_thread, &threads, core);
+ }
+ else if (cpu_features->basic.kind == arch_kind_zhaoxin)
+ {
+ data = handle_zhaoxin (_SC_LEVEL1_DCACHE_SIZE);
+ core = handle_zhaoxin (_SC_LEVEL2_CACHE_SIZE);
+ shared = handle_zhaoxin (_SC_LEVEL3_CACHE_SIZE);
++ shared_per_thread = shared;
+
+ level1_icache_size = handle_zhaoxin (_SC_LEVEL1_ICACHE_SIZE);
+ level1_icache_linesize = handle_zhaoxin (_SC_LEVEL1_ICACHE_LINESIZE);
+@@ -767,13 +770,14 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+ level3_cache_assoc = handle_zhaoxin (_SC_LEVEL3_CACHE_ASSOC);
+ level3_cache_linesize = handle_zhaoxin (_SC_LEVEL3_CACHE_LINESIZE);
+
+- get_common_cache_info (&shared, &threads, core);
++ get_common_cache_info (&shared, &shared_per_thread, &threads, core);
+ }
+ else if (cpu_features->basic.kind == arch_kind_amd)
+ {
+ data = handle_amd (_SC_LEVEL1_DCACHE_SIZE);
+ core = handle_amd (_SC_LEVEL2_CACHE_SIZE);
+ shared = handle_amd (_SC_LEVEL3_CACHE_SIZE);
++ shared_per_thread = shared;
+
+ level1_icache_size = handle_amd (_SC_LEVEL1_ICACHE_SIZE);
+ level1_icache_linesize = handle_amd (_SC_LEVEL1_ICACHE_LINESIZE);
+@@ -791,8 +795,11 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+ __cpuid (0x80000000, max_cpuid_ex, ebx, ecx, edx);
+
+ if (shared <= 0)
+- /* No shared L3 cache. All we have is the L2 cache. */
+- shared = core;
++ {
++ /* No shared L3 cache. All we have is the L2 cache. */
++ shared = core;
++ shared_per_thread = core;
++ }
+ else
+ {
+ /* Figure out the number of logical threads that share L3. */
+@@ -816,7 +823,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+ /* Cap usage of highest cache level to the number of
+ supported threads. */
+ if (threads > 0)
+- shared /= threads;
++ shared_per_thread /= threads;
+
+ /* Get shared cache per ccx for Zen architectures. */
+ if (cpu_features->basic.family >= 0x17)
+@@ -827,12 +834,13 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+ __cpuid_count (0x8000001D, 0x3, eax, ebx, ecx, edx);
+
+ unsigned int threads_per_ccx = ((eax >> 14) & 0xfff) + 1;
+- shared *= threads_per_ccx;
++ shared_per_thread *= threads_per_ccx;
+ }
+ else
+ {
+ /* Account for exclusive L2 and L3 caches. */
+ shared += core;
++ shared_per_thread += core;
+ }
+ }
+ }
+@@ -850,17 +858,46 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+ cpu_features->level3_cache_linesize = level3_cache_linesize;
+ cpu_features->level4_cache_size = level4_cache_size;
+
+- /* The default setting for the non_temporal threshold is 3/4 of one
+- thread's share of the chip's cache. For most Intel and AMD processors
+- with an initial release date between 2017 and 2020, a thread's typical
+- share of the cache is from 500 KBytes to 2 MBytes. Using the 3/4
+- threshold leaves 125 KBytes to 500 KBytes of the thread's data
+- in cache after a maximum temporal copy, which will maintain
+- in cache a reasonable portion of the thread's stack and other
+- active data. If the threshold is set higher than one thread's
+- share of the cache, it has a substantial risk of negatively
+- impacting the performance of other threads running on the chip. */
+- unsigned long int non_temporal_threshold = shared * 3 / 4;
++ /* The default setting for the non_temporal threshold is 1/4 of size
++ of the chip's cache. For most Intel and AMD processors with an
++ initial release date between 2017 and 2023, a thread's typical
++ share of the cache is from 18-64MB. Using the 1/4 L3 is meant to
++ estimate the point where non-temporal stores begin out-competing
++ REP MOVSB. As well the point where the fact that non-temporal
++ stores are forced back to main memory would already occurred to the
++ majority of the lines in the copy. Note, concerns about the
++ entire L3 cache being evicted by the copy are mostly alleviated
++ by the fact that modern HW detects streaming patterns and
++ provides proper LRU hints so that the maximum thrashing
++ capped at 1/associativity. */
++ unsigned long int non_temporal_threshold = shared / 4;
++
++ /* If the computed non_temporal_threshold <= 3/4 * per-thread L3, we most
++ likely have incorrect/incomplete cache info in which case, default to
++ 3/4 * per-thread L3 to avoid regressions. */
++ unsigned long int non_temporal_threshold_lowbound
++ = shared_per_thread * 3 / 4;
++ if (non_temporal_threshold < non_temporal_threshold_lowbound)
++ non_temporal_threshold = non_temporal_threshold_lowbound;
++
++ /* If no ERMS, we use the per-thread L3 chunking. Normal cacheable stores run
++ a higher risk of actually thrashing the cache as they don't have a HW LRU
++ hint. As well, their performance in highly parallel situations is
++ noticeably worse. */
++ if (!CPU_FEATURE_USABLE_P (cpu_features, ERMS))
++ non_temporal_threshold = non_temporal_threshold_lowbound;
+ /* SIZE_MAX >> 4 because memmove-vec-unaligned-erms right-shifts the value of
+ 'x86_non_temporal_threshold' by `LOG_4X_MEMCPY_THRESH` (4) and it is best
+ if that operation cannot overflow. Minimum of 0x4040 (16448) because the
@@ -8975,7 +10641,7 @@ index e9f3382108..637b5a022d 100644
#if HAVE_TUNABLES
/* NB: The REP MOVSB threshold must be greater than VEC_SIZE * 8. */
-@@ -915,8 +927,8 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+@@ -915,8 +952,8 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
shared = tunable_size;
tunable_size = TUNABLE_GET (x86_non_temporal_threshold, long int, NULL);
@@ -8986,7 +10652,7 @@ index e9f3382108..637b5a022d 100644
non_temporal_threshold = tunable_size;
tunable_size = TUNABLE_GET (x86_rep_movsb_threshold, long int, NULL);
-@@ -931,14 +943,9 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+@@ -931,14 +968,9 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
TUNABLE_SET_WITH_BOUNDS (x86_data_cache_size, data, 0, SIZE_MAX);
TUNABLE_SET_WITH_BOUNDS (x86_shared_cache_size, shared, 0, SIZE_MAX);
1
0
04 Oct '23
commit 3995f0f162ec737721c23665afa867e184aeeb77
Author: Juergen Daubert <jue(a)jue.li>
Date: Wed Oct 4 08:45:50 2023 +0200
[notify] xorg-libxpm: update to 3.5.17, security fixes
see https://lists.x.org/archives/xorg-announce/2023-October/003424.html
diff --git a/xorg-libxpm/.signature b/xorg-libxpm/.signature
index bb620d9c..b8ba4c7e 100644
--- a/xorg-libxpm/.signature
+++ b/xorg-libxpm/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndEPiIVfyC3m3gAwM9tGvsh28gqseNxANgdSWsgkF0swUPUZuuWzMm//WOaNwnkR2j4aUVG37JCGybe1RF221PQ8=
-SHA256 (Pkgfile) = 079cbf4e3d2b168aba03c0a6754fe6be3971147115c2ba5deb4bec4d6910bf99
+RWTSGWF5Q7TndNh2GdAzeH9/WnVlNId3kBqZN8sn8uxYak+woyL2jMiogHhY34hGRFFV0dwL1StMTa5ZiV0QjGKQ1hCDEp4YuwE=
+SHA256 (Pkgfile) = 85ea64f8c3c64460538e2b3bbe0b4f8c0b5a632e66f870560a6b2b249b941b0b
SHA256 (.footprint) = 5c344af62ddca197a5690575ec3b75f52ab1e6c75050297e15d01d7ac44b7361
-SHA256 (libXpm-3.5.16.tar.xz) = e6bc5da7a69dbd9bcc67e87c93d4904fe2f5177a0711c56e71fa2f6eff649f51
+SHA256 (libXpm-3.5.17.tar.xz) = 64b31f81019e7d388c822b0b28af8d51c4622b83f1f0cb6fa3fc95e271226e43
diff --git a/xorg-libxpm/Pkgfile b/xorg-libxpm/Pkgfile
index 59b5da17..b55ff581 100644
--- a/xorg-libxpm/Pkgfile
+++ b/xorg-libxpm/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: xorg-libxext xorg-libxt
name=xorg-libxpm
-version=3.5.16
+version=3.5.17
release=1
source=(https://www.x.org/releases/individual/lib/libXpm-$version.tar.xz)
1
0
04 Oct '23
commit 29e07f945dfc58fdac5ff5b63219369da11e1679
Author: Juergen Daubert <jue(a)jue.li>
Date: Wed Oct 4 08:43:15 2023 +0200
[notify] xorg-libx11: update to 1.8.7, security fixes
see https://lists.x.org/archives/xorg-announce/2023-October/003426.html
diff --git a/xorg-libx11/.footprint b/xorg-libx11/.footprint
index 9e52fc6b..53b90740 100644
--- a/xorg-libx11/.footprint
+++ b/xorg-libx11/.footprint
@@ -841,6 +841,7 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XcmsTekHVCQueryMaxVSamples.3.gz
-rw-r--r-- root/root usr/share/man/man3/XcmsTekHVCQueryMinV.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbActionCtrls.3.gz
+-rw-r--r-- root/root usr/share/man/man3/XkbActionSetCtrls.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbAddDeviceLedInfo.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbAddGeomColor.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbAddGeomDoodad.3.gz
@@ -859,7 +860,6 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XkbAllocCompatMap.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbAllocControls.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbAllocDeviceInfo.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbAllocDeviceLedInfo.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbAllocGeomColors.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbAllocGeomDoodads.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbAllocGeomKeyAliases.3.gz
@@ -885,7 +885,6 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XkbChangeControls.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbChangeDeviceInfo.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbChangeEnabledControls.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbChangeIndicators.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbChangeMap.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbChangeNames.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbChangeTypesOfKey.3.gz
@@ -923,10 +922,8 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XkbFreeKeyboard.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbFreeNames.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbFreeServerMap.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbGetAccessXTimeout.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetAutoRepeatRate.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetAutoResetControls.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbGetBounceKeysDelay.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetCompatMap.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetControls.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetControlsChanges.3.gz
@@ -936,7 +933,6 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XkbGetDeviceInfoChanges.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetDeviceLedInfo.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetGeometry.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbGetIndicatorChanges.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetIndicatorMap.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetIndicatorState.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetKeyActions.3.gz
@@ -949,14 +945,11 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XkbGetKeyboard.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetKeyboardByName.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetMap.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbGetNameChanges.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetNamedDeviceIndicator.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetNamedGeometry.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetNamedIndicator.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetNames.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbGetSlowKeysDelay.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetState.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbGetStickyKeysOptions.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetUpdatedMap.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetVirtualMods.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbGetXlibControls.3.gz
@@ -969,14 +962,13 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XkbKeyGroupWidth.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeyGroupsWidth.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeyHasActions.3.gz
+-rw-r--r-- root/root usr/share/man/man3/XkbKeyKeyType.3.gz
+-rw-r--r-- root/root usr/share/man/man3/XkbKeyKeyTypeIndex.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeyNumActions.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeyNumGroups.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeyNumSyms.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeySymEntry.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbKeySymsOffset.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeySymsPtr.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbKeyType.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbKeyTypeIndex.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeyTypesForCoreSymbols.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeycodeToKeysym.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbKeysymToModifiers.3.gz
@@ -991,7 +983,6 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XkbModActionVMods.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbNoteControlsChanges.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbNoteDeviceChanges.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbNoteIndicatorChanges.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbNoteNameChanges.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbOpenDisplay.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbOutOfRangeGroupInfo.3.gz
@@ -1004,7 +995,6 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XkbResizeKeyActions.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbResizeKeySyms.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbResizeKeyType.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbSAActionSetCtrls.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSAGroup.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSAPtrDfltValue.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSARedirectSetVMods.3.gz
@@ -1017,10 +1007,8 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/XkbSASetScreen.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSelectEventDetails.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSelectEvents.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbSetAccessXTimeout.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSetAutoRepeatRate.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSetAutoResetControls.3.gz
--rw-r--r-- root/root usr/share/man/man3/XkbSetBounceKeysDelay.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSetCompatMap.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSetControls.3.gz
-rw-r--r-- root/root usr/share/man/man3/XkbSetDebuggingFlags.3.gz
diff --git a/xorg-libx11/.signature b/xorg-libx11/.signature
index a4b9e335..8b43f1fc 100644
--- a/xorg-libx11/.signature
+++ b/xorg-libx11/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndBlEbmSdIBuBO2/HY/jUvZXmaLgzOj0u9tZfYMiG+a+tfbKfxsDoaeLJOR8awIQUgUKWcbYolI0u1imY5J2oGAA=
-SHA256 (Pkgfile) = d36b00c1fdbdd7d40080486976e5629c1b1352802acdfd5ca1970a5427cbecc4
-SHA256 (.footprint) = 4c27b51e09695066f98ad89cfc3f1e4becc59ccaa39387c56ee010bb8700295f
-SHA256 (libX11-1.8.6.tar.xz) = 59535b7cc6989ba806a022f7e8533b28c4397b9d86e9d07b6df0c0703fa25cc9
+RWTSGWF5Q7TndDloPkh2mIDGhnq4qEBfL4sFKQEOi+83DRrPDq+aXH69qxaT64ZEU7jezM310SgIEoOVMliGnE3y6vf2+eW8BwY=
+SHA256 (Pkgfile) = 48d7a1e3051ffe84b11c5e1ff4701cd47af521501a39940fdc3ecbcba6fdb813
+SHA256 (.footprint) = ad45f984e7a94f8db4533868d241860c126984263242e067ead113fd8e615188
+SHA256 (libX11-1.8.7.tar.xz) = 05f267468e3c851ae2b5c830bcf74251a90f63f04dd7c709ca94dc155b7e99ee
diff --git a/xorg-libx11/Pkgfile b/xorg-libx11/Pkgfile
index 9f317c0e..9a0c6025 100644
--- a/xorg-libx11/Pkgfile
+++ b/xorg-libx11/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: xorg-libxcb xorg-xtrans
name=xorg-libx11
-version=1.8.6
+version=1.8.7
release=1
source=(https://www.x.org/releases/individual/lib/libX11-$version.tar.xz)
1
0
commit 09549a6f91b280da89cfa9f2d581180459678259
Author: Juergen Daubert <jue(a)jue.li>
Date: Mon Oct 2 14:55:19 2023 +0200
[notify] exim: update to 4.96.1
security fixes, see
https://www.openwall.com/lists/oss-security/2023/10/01/4
diff --git a/exim/.signature b/exim/.signature
index b3511144..543c8a2d 100644
--- a/exim/.signature
+++ b/exim/.signature
@@ -1,7 +1,7 @@
untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqiu3qGJbnURd4x58v7Pn4wtYwg7p8rzJCHVyXD8RUZoupa6mcXtxQcP2a5FPk1lQGjdkzPL4uLDcJkNmbm6W/wE=
-SHA256 (Pkgfile) = 28586da44447ec328c3ddcdb473bc8b76b6625b79c4b1e379778010045173028
+RWRJc1FUaeVeqov1mxfewbfvNjdIDeJOI6OnVTyJ3ytw/8wCVt1UFq+MvZkhMxc9jNVPabUo5/EEbIFsOOEXCbfMNqP2u6ihYw0=
+SHA256 (Pkgfile) = 4640c97301cf8ec9b8322f29008f3032a31777e0110e93a5e3e35ec0d8b6d3a5
SHA256 (.footprint) = 3e5fe8471a7a9057c0c7486c016ea2ed1dc5ebd72adc13c23f432ef468d2fc5d
-SHA256 (exim-4.96.tar.xz) = 299a56927b2eb3477daafd3c5bda02bc67e5c4e5898a7aeaf2740875278cf1a3
+SHA256 (exim-4.96.1.tar.xz) = 93ac0755c317e1fdbbea8ccb70a868876bdf3148692891c72ad0fe816767033d
SHA256 (exim) = fcc6489769d9b4503f6435747dca79d9f8aca1da05628dc82de6a27335cd27a7
-SHA256 (exim-config.patch) = 174097a1e0f92a6b87f3a9c757c13623113b300d5f3b7b79ef0774bd4a1ca4f3
+SHA256 (exim-config.patch) = 7cc7b24a7a28215d88fb70b0e8ed7c9e02c780b0f207ece81574e59111a7f405
diff --git a/exim/Pkgfile b/exim/Pkgfile
index 36295c9d..9361fd01 100644
--- a/exim/Pkgfile
+++ b/exim/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: db libpcre2 openssl
name=exim
-version=4.96
+version=4.96.1
release=1
source=(https://ftp.exim.org/pub/exim/exim4/$name-$version.tar.xz
$name $name-config.patch)
diff --git a/exim/exim-4.95-openssl30-build-fix.patch b/exim/exim-4.95-openssl30-build-fix.patch
deleted file mode 100644
index 7331f5c1..00000000
--- a/exim/exim-4.95-openssl30-build-fix.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/src/tls-openssl.c b/src/tls-openssl.c
-index bc454c8..c6da62c 100644
---- a/src/tls-openssl.c
-+++ b/src/tls-openssl.c
-@@ -232,10 +232,14 @@ static exim_openssl_option exim_openssl_options[] = {
- { US"no_tlsv1", SSL_OP_NO_TLSv1 },
- #endif
- #ifdef SSL_OP_NO_TLSv1_1
--# if SSL_OP_NO_TLSv1_1 == 0x00000400L
-+# if OPENSSL_VERSION_NUMBER < 0x30000000L
-+# if SSL_OP_NO_TLSv1_1 == 0x00000400L
- /* Error in chosen value in 1.0.1a; see first item in CHANGES for 1.0.1b */
--# warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring
--# else
-+# warning OpenSSL 1.0.1a uses a bad value for SSL_OP_NO_TLSv1_1, ignoring
-+# define NO_SSL_OP_NO_TLSv1_1
-+# endif
-+# endif
-+# ifndef NO_SSL_OP_NO_TLSv1_1
- { US"no_tlsv1_1", SSL_OP_NO_TLSv1_1 },
- # endif
- #endif
diff --git a/exim/exim-config.patch b/exim/exim-config.patch
index 8781fafa..e772823f 100644
--- a/exim/exim-config.patch
+++ b/exim/exim-config.patch
@@ -1,6 +1,6 @@
-diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
---- exim-4.95.orig/src/EDITME 2022-01-17 18:08:22.578366880 +0100
-+++ exim-4.95/src/EDITME 2022-01-17 18:12:07.286282151 +0100
+diff -Nru exim-4.96.1.orig/src/EDITME exim-4.96.1/src/EDITME
+--- exim-4.96.1.orig/src/EDITME 2023-10-02 14:52:52.316712933 +0200
++++ exim-4.96.1/src/EDITME 2023-10-02 14:53:24.177000884 +0200
@@ -73,7 +73,7 @@
# this would be wanted.
###############################################################################
@@ -70,7 +70,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
# LOOKUP_IBASE=yes
# LOOKUP_JSON=yes
# LOOKUP_LDAP=yes
-@@ -764,7 +764,7 @@
+@@ -754,7 +754,7 @@
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
@@ -79,7 +79,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
# AUTH_CYRUS_SASL=yes
# AUTH_DOVECOT=yes
# AUTH_EXTERNAL=yes
-@@ -773,7 +773,7 @@
+@@ -763,7 +763,7 @@
# AUTH_HEIMDAL_GSSAPI=yes
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
@@ -88,7 +88,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
# AUTH_SPA=yes
# AUTH_TLS=yes
-@@ -911,7 +911,7 @@
+@@ -901,7 +901,7 @@
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
@@ -97,7 +97,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
-@@ -960,7 +960,7 @@
+@@ -950,7 +950,7 @@
# files. Both the name of the command and the suffix that it adds to files
# need to be defined here. See also the EXICYCLOG_MAX configuration.
@@ -106,7 +106,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
COMPRESS_SUFFIX=gz
-@@ -975,7 +975,7 @@
+@@ -965,7 +965,7 @@
# ZCAT_COMMAND=zcat
#
# Or specify the full pathname:
@@ -115,7 +115,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
#------------------------------------------------------------------------------
# Compiling in support for embedded Perl: If you want to be able to
-@@ -1126,7 +1126,7 @@
+@@ -1116,7 +1116,7 @@
#
# USE_TCP_WRAPPERS=yes
# CFLAGS=-O -I/usr/local/include
@@ -124,7 +124,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
#
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
# as well.
-@@ -1159,7 +1159,7 @@
+@@ -1149,7 +1149,7 @@
# aliases). The following setting can be changed to specify a different
# location for the system alias file.
@@ -133,7 +133,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
#------------------------------------------------------------------------------
-@@ -1195,7 +1195,7 @@
+@@ -1185,7 +1185,7 @@
#------------------------------------------------------------------------------
# Uncomment this setting to include IPv6 support.
@@ -142,7 +142,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
###############################################################################
# THINGS YOU ALMOST NEVER NEED TO MENTION #
-@@ -1216,13 +1216,13 @@
+@@ -1206,13 +1206,13 @@
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
@@ -163,7 +163,7 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
#------------------------------------------------------------------------------
-@@ -1424,7 +1424,7 @@
+@@ -1414,7 +1414,7 @@
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:
@@ -172,9 +172,9 @@ diff -Nru exim-4.95.orig/src/EDITME exim-4.95/src/EDITME
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
-diff -Nru exim-4.95.orig/src/configure.default exim-4.95/src/configure.default
---- exim-4.95.orig/src/configure.default 2022-01-17 18:08:22.578366880 +0100
-+++ exim-4.95/src/configure.default 2022-01-17 18:10:47.748198676 +0100
+diff -Nru exim-4.96.1.orig/src/configure.default exim-4.96.1/src/configure.default
+--- exim-4.96.1.orig/src/configure.default 2023-10-02 14:52:52.316712933 +0200
++++ exim-4.96.1/src/configure.default 2023-10-02 14:53:24.177000884 +0200
@@ -67,7 +67,7 @@
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:
1
0